KR102473187B1 - Access control system and access control method using the same - Google Patents

Abstract

The present invention relates to an access control system and an access control method using the same, and an access control method according to an aspect of the present invention determines whether or not use of an electronic device is permitted based on whether a user terminal enters an electronic device installation space. As an access management method for determining, the step of obtaining, by an authentication server, entry history information from a user terminal; receiving a request for the authentication server to determine whether to permit a user requesting use of the electronic device; determining, by the authentication server, whether use of the electronic device is permitted; transmitting, by the authentication server, a result of determining whether use is permitted to the electronic device; and permitting or rejecting the use of the electronic device based on a result of determining whether the use is permitted.

Description

Access control system and access control method using the same {ACCESS CONTROL SYSTEM AND ACCESS CONTROL METHOD USING THE SAME}

The present invention relates to an access control system and an access control method using the same.

An access control system is a system that recognizes and manages a person who wants to enter a specific space through a door, and is widely used not only in access control facilities that maintain high security, but also in general offices and homes.

As authentication methods conventionally used in such an access control system, an authentication method using a magnetic card, a smart card, a non-contact wireless card, and the like, and an authentication method using biometric information such as a fingerprint of a person entering and exiting the system are used.

In this conventional authentication method, a person can enter and exit a door only when authentication is performed through an authentication device installed near a door to be entered. In this way, since authentication must be performed through a separate authentication device, there is a problem in that it takes a long time to perform authentication when there are a large number of visitors. In addition, the user has the inconvenience of having to always have a separate authentication means such as a magnetic card, and if the separate authentication means is lost, there is a problem that an illegal entrant who steals the separate authentication means can enter the door.

In addition, in the conventional authentication method, since a control server that manages authentication devices installed near the door is provided and authentication is performed only when authentication is performed using the control server, communication between the control server and authentication devices installed near the door is disconnected or the control server In the disabled state, there is a problem in that entry and exit of the door is impossible.

Recently, efforts have been made to improve user convenience and security of the access control system at the same time in order to solve these problems.

One object of the present invention is to provide an access control system and an access control method using the same, which can increase the security of the access control system while increasing user convenience.

The problem to be solved by the present invention is not limited to the above-mentioned problems, and problems not mentioned will be clearly understood by those skilled in the art from this specification and the accompanying drawings. .

According to an aspect of the present invention, an access management method for determining whether or not use of an electronic device is permitted based on whether a user terminal enters an electronic device installation space, wherein an authentication server obtains entry history information from a user terminal. doing; receiving a request for the authentication server to determine whether to permit a user requesting use of the electronic device; determining, by the authentication server, whether use of the electronic device is permitted; transmitting, by the authentication server, a result of determining whether use is permitted to the electronic device; and permitting or denying the use of the electronic device based on a result of determining whether or not the use is permitted.

According to another aspect of the present invention, the step of obtaining, by the authentication server, entry history information on the target room from the user terminal; Transmitting, by the authentication server, a command for activating a room function of the target room to a controller; obtaining, by an authentication server, entry history information about the target room from a user terminal; Transmitting, by the authentication server, a command for inactivating a room function of the target room to the controller; obtaining, by an authentication server, a request for function activation from the user terminal; An access control method may be provided, which includes transmitting, by an authentication server, an activation command for a function requested from the user terminal to a controller.

According to another aspect of the present invention, obtaining access history information for the first door; requesting activation of a room function of a room occupied by a user of a user terminal that has transmitted access history information on the first door; determining whether access history information on a second door is acquired within a predetermined time; and requesting deactivation of a room function of the guest room when access history information on the second door is not acquired within the predetermined time.

According to another aspect of the present invention, a recording medium on which a program for performing the above-described method is recorded may be provided.

According to another aspect of the present invention, a server device for determining whether or not use is permitted for an electronic device based on whether a user terminal enters an installation space of the electronic device, comprising: a server communication unit; and obtains entry history information from the user terminal, receives a request from the electronic device to determine whether or not to permit the user who has requested use, determines whether or not to use the electronic device, and transmits a result of the decision on whether or not to use the electronic device to the electronic device. A server device including a server control unit for transmission may be provided.

According to the present invention, user convenience can be increased by allowing an authorized door to be opened without the need for additional authentication while the authentication token is valid by utilizing the authentication token.

In addition, according to the present invention, user convenience can be increased by allowing the authorized door to be opened while the authentication token is valid even in a situation where the authentication server is disabled or communication between the authentication server and the door opening/closing device is disconnected.

In addition, according to the present invention, it is possible to manage the user's legitimate use by considering the access status information for entry or exit.

In addition, according to the present invention, when a specific event such as an emergency occurs, it is possible to more quickly and accurately support the user's evacuation by forcibly updating the authentication token.

In addition, according to the present invention, it is possible to strengthen the security against the use of an electronic device by an unauthorized intruder by permitting the use of the electronic device in consideration of whether or not to enter the space.

The effect of the present invention is not limited to the above-mentioned effects, and effects not mentioned will be clearly understood by those skilled in the art from this specification and the accompanying drawings.

1 is an environment diagram of an access control system according to an embodiment of the present invention.
2 is a block diagram of an authentication server according to an embodiment of the present invention.
3 is a block diagram of a terminal according to an embodiment of the present invention.
4 is a block diagram of a door opening and closing device according to an embodiment of the present invention.
5 is an exemplary view of a table showing a data structure of information included in an authentication token according to an embodiment of the present invention.
6 is a flowchart of a user registration method according to an embodiment of the present invention.
7 is a flowchart of an authentication token issuance method according to an embodiment of the present invention.
8 is an environment view of a door opening management method according to an embodiment of the present invention.
9 is a flowchart of a door opening management method according to an embodiment of the present invention.
10 is an environment diagram of an access state management method according to an embodiment of the present invention.
11 is a flowchart illustrating a method for managing an access state according to an embodiment of the present invention.
12 is a flowchart illustrating a first modified example of a method for managing an access state according to an embodiment of the present invention.
13 is a flowchart illustrating a second modified example of an access state management method according to an embodiment of the present invention.
14 is a flowchart illustrating a third modified example of a method for managing an access state according to an embodiment of the present invention.
15 is a flowchart illustrating a fourth modified example of the access state management method according to an embodiment of the present invention.
16 is a flowchart illustrating a fifth modified example of a method for managing access conditions according to an embodiment of the present invention.
17 is an environment view of a door having a metrological structure according to a sixth modified example of the present invention.
18 is a flowchart illustrating a sixth modified example of an access state management method according to an embodiment of the present invention.
19 is an environment diagram of a method for compulsory change of authority according to an embodiment of the present invention.
20 is a flowchart illustrating a method for compulsory change of authority according to an embodiment of the present invention.
21 is an exemplary diagram illustrating operations of a door opening and closing device according to an embodiment of the present invention in a general situation and a special event occurrence situation.
22 is an environment diagram of a regional association security method according to an embodiment of the present invention.
23 is a flowchart illustrating a local link security method according to an embodiment of the present invention.
24 is a flowchart illustrating a first modified example of a regional linkage security method according to an embodiment of the present invention.
25 is a flowchart illustrating a second modified example of a regional linkage security method according to an embodiment of the present invention.

The foregoing objects, features and advantages of the present invention will become more apparent from the following detailed description taken in conjunction with the accompanying drawings. However, the present invention can apply various changes and can have various embodiments. Hereinafter, specific embodiments will be illustrated in the drawings and described in detail.

In the drawings, the thickness of layers and regions is exaggerated for clarity, and elements or layers may be "on" or "on" other elements or layers. What is referred to includes all cases where another layer or other component is intervened in the middle as well as immediately above another component or layer. Like reference numerals designate essentially like elements throughout the specification. In addition, components having the same function within the scope of the same idea appearing in the drawings of each embodiment are described using the same reference numerals.

If it is determined that a detailed description of a known function or configuration related to the present invention may unnecessarily obscure the subject matter of the present invention, the detailed description will be omitted. In addition, numbers (eg, first, second, etc.) used in the description process of this specification are only identifiers for distinguishing one component from another component.

In addition, the suffixes "module" and "unit" for the components used in the following description are given or used interchangeably in consideration of ease of writing the specification, and do not have meanings or roles that are distinguished from each other by themselves.

1. Definition of terms

Terms used in this specification may be defined as follows.

(1) door

A door may block or allow passage to an area. The door may include a doorframe and a door leaf. The door frame may be of fixed configuration defining an area in which passage is to be blocked or allowed. Depending on the position of the door leaf, the position of blocking or permitting passage may be changed, and the position of the door may be varied by an external force. The variable position of a door leaf may have a comprehensive meaning including not only movement of the entire door leaf but also movement by rotation. In this specification, the door frame and the door leaf are collectively referred to as a door. Therefore, the movement and position change of the door described herein may mean the movement and position change of the door leaf.

(2) Closing/opening the door

The closing of the door may refer to a state in which the door is positioned at a position blocking passage of a zone defined by the door frame, and the opening of the door is a position in which a space to pass through a zone defined by the door frame is secured. may indicate a state in which a door leaf is located in . The state change of the door used in this specification may be at least one of a state change from closed to open and a state change from open to closed.

Also, the closing operation of the door may be a process of moving the door leaf from the open position to the closed position, and the opening operation of the door may be performing a process of moving the door leaf from the closed position to the open position.

Further, in the present specification, closing and opening a door may include a state change according to a position movement of a door leaf as well as whether the door can be opened by unlocking or cannot be opened by locking. Accordingly, in some embodiments of the present invention, closing the door may mean that the door is in a locked state, and opening the door may mean that the door is in an unlocked state.

In one embodiment of the present invention, closing and opening of the door and locking and unlocking of the door may be independent of each other.

For example, an obstacle may be provided by means of a locking unit even if the door is not closed. For another example, even when the door is unlocked, the door leaf may be positioned in the closed position. Accordingly, the door may not necessarily be in a locked state when the door is in a closed state and be in an unlocked state when the door is in an open state.

(3) Door lock/unlock

Locking and unlocking may relate to whether or not the door can be opened.

The locking of the door may mean that an external force or an obstacle is provided to prevent the door from opening, and the unlocking may mean that the provision of an external force or an obstacle is released so that the door can be opened.

In addition, the locking operation of the door may perform a process for providing an external force and/or an obstacle to prevent opening, and the unlocking operation of the door provides an external force and/or an obstacle to prevent the door from being opened. It may be to perform the process of releasing.

(4) Access

Entry and exit may be for a user to pass through a space defined by a door frame. Entry and exit may be divided into entry in which a user holding a terminal moves from the outside of the door to the inside of the door, and entry in which a user in possession of the terminal moves from the inside of the door to the outside of the door.

(5) inside/outside of door

The inner side of the door may refer to an area in which access of persons without permission to access the door is controlled, and the outer side of the door may refer to an opposite side of the inner side with respect to the door. For example, according to embodiments of the present invention, a user having legitimate access rights to a specific door may enter from the outside to the inside of the specific door, but a person who does not have legitimate access rights may enter the specific door according to embodiments of the present invention. Depending on these, it is not possible to enter the inside from the outside of the specific door.

(6) Token

In this specification, a token may be data in a predetermined format including at least some information used in an access control system. In this specification, tokens may be classified into authentication tokens and renewal tokens according to usage. The distinction between authentication tokens and update tokens is that information included in the tokens is different from each other, but the tokens may have the same format. However, the formats of the authentication token and the renewal token are not necessarily the same, and the authentication token and the renewal token may be provided in different formats according to embodiments. In this specification, the types of tokens refer to the authentication token and the renewal token It may be classified according to the purpose of use of the token, such as, etc., and the format of the token may be any format defined by the service provider. In addition, JWT (Json Web Token), SAML (Security Assertion Markup Language) and XrML (eXtensible rights Markup Language), etc.

(7) User identification information

User identification information may be information for identifying a specific user among a plurality of users in the access control system 10000 of the present invention. For example, the user identification information may be identification information uniquely assigned to the user, such as an ID.

(8) User information

User information may be information used to generate the aforementioned user identification information. For example, user information is personal information of a user, and may be information normally required to identify the user, such as a resident registration number, date of birth, address, company number, and mobile phone number.

(9) Terminal identification information

The terminal identification information may be information for identifying a specific user terminal among a plurality of user terminals. For example, device identification information includes UUID (Universal Unique Identifier), UID (Unique Identifier), device IP address, MAC address, CPU (MCU) serial number or HDD serial number, and device communication It may include at least one of the numbers.

(10) Door identification information

The door identification information may be information for identifying a specific door among a plurality of doors. For example, the door identification information may be at least one of identification information assigned to the door and identification information assigned to the door opening/closing device. Door identification information may be stored in the door storage unit. Also, according to some embodiments of the present invention, door identification information may be included in an authentication token.

2. System configuration

1 is an environment diagram of an access control system 10000 according to an embodiment of the present invention.

Referring to FIG. 1 , an access control system 10000 may include an authentication server 1000, a terminal 2000, a door opening/closing device 3000, a door 4000, and a third party authentication server 5000.

The authentication server 1000 may be connected to an external electronic device. Hereinafter, when a specific device is connected to another device, it means that a specific device and another device are physically connected, a specific device is electrically connected to another device, or a specific device and another device are communicatively connected. may contain at least one. In the above example, that the authentication server 1000 is connected to an external electronic device means that the authentication server 1000 and the external electronic device are communicatively connected, for example, the authentication server 1000 and the external electronic device. It may mean that data can be transmitted and received with each other.

According to some embodiments of the present invention, the authentication server 1000 may be connected to the terminal 2000. Also, according to some embodiments of the present invention, the authentication server 1000 may be connected to a third party authentication server 5000. Also, although not shown in FIG. 1 , according to some embodiments of the present invention, the authentication server 1000 may be connected to the office electronic device 6000 and the hotel controller 7000 . According to an embodiment of the present invention, the authentication server 1000 may perform authentication.

The authentication server 1000 may perform authentication of the user of the terminal 2000 . Alternatively, the authentication server 1000 may perform authentication of the terminal 2000 itself.

The terminal 2000 may be connected to the authentication server 1000 and the door opening/closing device 3000 . The terminal 2000 may provide data necessary for user registration and authentication to the authentication server 1000 . In addition, the terminal 2000 may transmit data required for a door opening request to the door opening/closing device 3000, and may obtain data about a result of the door opening request from the door opening/closing device 3000. In addition, the terminal 2000 may exchange various data with the authentication server 1000 and the door opening/closing device 3000 .

Also, the terminal 2000 may provide applications for performing some embodiments to be described later.

Also, the terminal 2000 may be, for example, a smart phone, a tablet, a PDA, a laptop computer, and a wearable device. For another example, the terminal 2000 may be a smart card capable of recording data, an IC card, a magnetic card, and an RF chip.

Also, the terminal 2000 may be divided into a user terminal 2000a and a manager terminal 2000b according to roles.

The door opening and closing device 3000 may control opening or closing of the door 4000 .

For example, the door opening and closing device 3000 may be installed on the door 4000 to control locking or unlocking of the door 4000 . The door opening and closing device 3000 does not necessarily have to be installed on the door, and may be provided in various forms depending on selection. For example, the door opening/closing device 3000 may be installed on a wall adjacent to a door to provide or remove an obstacle to the door. Also, when the door 4000 is an automatic door, the door opening and closing device 3000 may open or close the door 4000 by changing the position of a leaf.

In addition, the door 4000 may block or permit passage of a zone.

Also, the state of the door 4000 may be changed by the door opening/closing device 3000 .

Also, according to some embodiments of the present invention, a plurality of door opening and closing devices 3000 may be connected to each other. For example, as shown in FIG. 1 , the first door opening and closing device 3000a and the second door opening and closing device 3000b may be connected to each other. Also, a greater number of door opening and closing devices 3000 than those shown in FIG. 1 may be connected to each other. In addition, in the plurality of door opening and closing devices 3000, not all door opening and closing devices 3000 need to be connected to each other, and may be provided connected in series. For example, the first door opening and closing device 3000a may be connected to the second door opening and closing device 3000b, and the second door opening and closing device 3000b may be connected to a third door opening and closing device (not shown). have. Also, according to selection, a plurality of door opening and closing devices 3000 may be provided in a form connected in parallel to one door opening and closing device 3000 . The connection between the plurality of door opening and closing devices 3000 is not limited to the above example, and may be provided in various forms according to selection.

In addition, connection between the plurality of door opening and closing devices 3000 is not essential, and the plurality of door opening and closing devices 3000 according to some embodiments of the present invention may be provided in a form in which they are not connected to each other.

However, the environment diagram shown in FIG. 1 is only an example for convenience of description and is not limited thereto. According to some embodiments of the present invention, configurations may be added or excluded from the environment diagram of FIG. 1 and may also be subdivided.

2 is a block diagram of an authentication server 1000 according to an embodiment of the present invention.

Referring to FIG. 2 , the authentication server 1000 may include a server communication unit 1100, a server input unit 1200, a server storage unit 1300, a server display unit 1400, and a server control unit 1500.

The server communication unit 1100 may connect the authentication server 1000 and external electronic devices. That is, the server communication unit 1100 may transmit/receive data with an external electronic device. Also, the server communication unit 1100 may maintain or disconnect a communication connection with the terminal 2000 as needed. Also, the server communication unit 1100 may be provided to constantly maintain a connection with the terminal 2000 according to an embodiment.

Also, the server communication unit 1100 may be a communication module supporting at least one communication method among a wired communication method and a wireless communication method.

The server input unit 1200 may obtain an electrical signal corresponding to a user input. For example, the server input unit 1200 may include a keypad, keyboard, switch, button, and touch screen.

The server storage unit 1300 may store data.

For example, the server storage unit 1300 may store data acquired from the terminal 2000 . For another example, the server storage unit 1300 may store programs necessary for the operation of the authentication server 1000 .

The server display unit 1400 may output visual information.

For example, the server display unit 1400 may be an LCD, OLED, or AMOLED display.

The server controller 1500 may oversee operations of the authentication server 1000 .

The authentication server 1000 of the present invention does not necessarily have to include all of the above-described components, and may be provided in a form excluding some components according to selection. For example, when the authentication server 1000 does not directly provide visual information, the authentication server 1000 may be provided in a form in which the server display unit 1400 is excluded. In addition, the authentication server 1000 may be provided in a form in which a configuration for performing additional functions and operations is added according to selection.

3 is a block diagram of a terminal 2000 according to an embodiment of the present invention.

Referring to FIG. 3, a terminal 2000 includes a terminal communication unit 2100, a terminal display unit 2200, a terminal input unit 2300, a location information collection unit 2400, a terminal storage unit 2500, and a terminal control unit 2600. can include

The terminal communication unit 2100 may connect the terminal 2000 to an external electronic device. For example, the terminal communication unit 2100 may connect the user terminal 2000a to external electronic devices such as the authentication server 1000, the door opening/closing device 3000, and the third party authentication server 5000. Also, the terminal communication unit 2100 may be a communication module supporting wired and/or wireless communication.

The terminal display unit 2200 may output visual information.

When the terminal display unit 2200 is provided as a touch screen, the terminal display unit 1200 may perform the function of the terminal input unit 2300. In this case, a separate terminal input unit 2300 may not be provided according to selection, and a terminal input unit 2300 that performs limited functions such as volume control, power button, and home button may be provided.

The terminal input unit 2300 may obtain a signal corresponding to a user's input.

The terminal input unit 2300 may be implemented as, for example, a keyboard, a keypad, a button, a jog shuttle, and a wheel.

Also, the user's input may be, for example, button press, touch, and drag.

When the terminal display unit 2200 is implemented as a touch screen, the terminal display unit 2200 may serve as a terminal input unit 2300.

The location information collecting unit 2400 may obtain location information for the terminal 2000 to determine its own location. For example, the location information collection unit may be a module that obtains coordinate information for determining a location, such as a GPS module.

The terminal storage unit 2400 may store data.

The terminal storage unit 2400 may be implemented with, for example, flash memory, RAM, ROM, SSD, SD CARD, and optical disk.

The terminal storage unit 2400 may store data required for operation of the terminal 2000 .

The terminal control unit 2500 may oversee operations of the terminal 2000 .

4 is a block diagram of a door opening and closing device 3000 according to an embodiment of the present invention.

Referring to FIG. 4 , the door opening and closing device 3000 includes a door communication unit 3100, a door display unit 3200, a door audio output unit 3300, a door sensor unit 3400, a door storage unit 3500, and a door power unit. 3600 and a door control unit 3700.

The door communication unit 3100 may be a communication module capable of communicating with external electronic devices.

The door communication unit 3100 may connect the door opening/closing device 3000 and the terminal 2000.

The door communication unit 3100 may connect communication using a wireless communication method. For example, the door communication unit 3100 is a wireless Internet interface such as WLAN (Wireless LAN), WiFi (Wireless Fidelity), WiFi Direct, Bluetooth, BLE (Bluetooth Low Energy), infrared communication (Infrared Data Association; IrDA) ) may be a communication module supporting a wireless communication method such as In addition, the door communication unit 3100 may be a reader capable of reading information from external electronic devices such as an RF reader, an IC reader, and a magnetic reader.

The door display unit 3200 may output visual information.

The door display unit 3200 may output information to visually provide to the user. When the door display unit 3200 includes a touch panel, the door display unit 3200 may operate as an input device based on touch input.

The door voice output unit 3300 may output information to be provided to the user aurally.

For example, the audio output unit 3300 may be a speaker and a buzzer that output sound.

The door sensor unit 3400 may acquire a signal for an external environment required for the door opening and closing device 3000 . For example, the door sensor unit 3400 may obtain a signal about a distance between a user and an object. For another example, the door sensor unit 3400 may obtain a signal necessary for determining the position of a door leaf.

The door storage unit 3500 may store a program for performing a control operation of the door controller 3700, and may store data received from the outside and data generated from the door controller 3700.

The door power unit 3600 may provide power necessary for locking or unlocking the door. In addition, the door power unit 3600 may provide power required to open or close the door when the door 4000 is implemented as an automatic door.

The door power unit 3600 may be provided as a motor, solenoid, actuator, or the like.

When the door power unit 3600 provides power necessary for locking or unlocking the door, the door power unit 3600 may provide power to change and/or maintain the locking unit in a locked or unlocked state. The locking unit (not shown) may be provided as, for example, a deadbolt, a latch bolt, or a combination thereof. In addition, the locking unit is not limited to the dead bolt and latch bolt described as an example, and commonly used locking units may be used.

The door control unit 3600 controls the overall operation of the door opening and closing device 3000.

The door control unit 3600 may control the operation of several components included in the door opening and closing device 3000 . Also, the door control unit 3600 may obtain signals from several components included in the door opening and closing device 3000 . In addition, the door control unit 3600 may control operations to perform some steps performed by the door opening and closing device 3000 among steps described in methods to be described later, or perform calculations necessary for performing the steps.

In the above, the access control system 10000 related to various embodiments of the present invention, components included in the access control system 10000, operations, terms, etc. have been described. The above-described access control system 10000, components, operations, terms, etc. included in the access control system 10000 will also be applied to various methods and embodiments to be described below, but the access control system 10000 will be described below. It is clearly stated that the management system 10000 does not necessarily have to be configured to have the above-described configuration and functions, and can also be applied to an access control system configured differently from the above-described access control system 10000.

3. Authentication Tokens and Renewal Tokens

3.1 Authentication Token Overview

The authentication token is data issued by the authentication server 1000 to the issuance subject and may be data that can be used to determine the authority granted to the issuance subject. Here, the issue subject may include at least one of a user and the terminal 2000 . The issuance target may be divided into a user and the terminal 2000 , but issuance of an authentication token may be performed by transmitting the authentication token to the terminal 2000 .

The authentication token may include a variety of information, and the information included in the authentication token will be described in detail with reference to FIG. 5 .

5 is an exemplary view of a table showing a data structure of information included in an authentication token according to an embodiment of the present invention.

Referring to FIG. 5 , an authentication token according to some embodiments of the present invention may include at least one of rights information indicating rights granted to an issuing subject, valid conditions, issuer information, and recipient information. However, FIG. 5 is only an example for convenience of explanation, and the authentication token of the present invention is not limited thereto, and some information may be excluded or various additional information may be added according to selection.

Hereinafter, various information that may be included in the authentication token will be described in more detail.

According to some embodiments of the present invention, an authentication token may include authorization information.

According to some embodiments of the present invention, the authority information may be information used to determine whether or not a subject to be issued has access authority to a specific door among at least one door 4000 .

In addition, according to some embodiments of the present invention, the authority information may be information used to determine whether or not an issuing subject has access rights to a specific space among at least one space. Accordingly, when authority information is granted to a space, authority to all degrees provided in the space may be granted.

In addition, according to some embodiments of the present invention, the authority information may be information capable of determining whether or not there is authority to use a function or electronic device. Here, the function relates to a service provided by the electronic device, and may be, for example, a function of mail, web surfing, USB use and editing. In addition, if the authority information includes the authority for the function, the authority information can be used to determine whether there is authority to read mail, whether there is authority to send mail, whether there is authority to use the USB port, etc. . In addition, electronic devices may refer to electronic devices such as office electronic devices such as PCs, printers, and fax machines, and electronic devices used in hotel rooms or homes, such as lights, air conditioners, heaters, and TVs.

In one embodiment, the authority information may be generated based on the authority set for the issuance target.

According to some embodiments of the present invention, the authentication server 1000 may store in advance the authority set for the issuing target. The authentication server 1000 may obtain authority setting information about what authority to set for an issuing subject from the manager terminal 2000b, and may set authority for an issuing subject based on the obtained authority setting information. Permission setting information does not necessarily have to be obtained through the manager terminal 2000b, and may be obtained in various ways according to embodiments. For example, the authentication server 1000 may obtain authority setting information from an administrator through the server input unit 1200 .

When the issuing target is a user, the authentication server 1000 may set authority for each pre-registered user and may store the set authority. In addition, when the issuing target is the terminal 2000, the authentication server 1000 may set and store authority for each pre-registered terminal 2000.

Setting authority does not necessarily have to be performed for each individual issuance target, and authority may be set for each grouped issuance target according to selection. For example, if publication targets are grouped by grade, the first type of permission can be set for all issue targets grouped in A grade, and the second type of permission can be set for all issue targets grouped in B grade. It can be.

Authorization information to be included in authentication information may be determined based on the set authority.

Authorization information according to some embodiments of the present invention may include at least one of information and function of door access authorization or information on use authorization of electronic devices.

When the authority information is information about door access authority, the authority information may include at least one of door identification information and authority values.

The door identification information may include at least a portion of door identification information included in a door identification information list previously stored in the authentication server 1000 .

Authorization information may include door identification information to which authorization is granted. Alternatively, the authority information may include all door identification information registered in the authentication server 1000 .

Authorization information may include an authorization value corresponding to door identification information. The authority value may be divided into a value indicating that authority is granted and a value indicating that there is no authority. For example, as shown in FIG. 5 , the authentication token may include 'first door', which is identification information about the first door, and an authority value '1' indicating that authority is granted to the first door. For another example, as shown in FIG. 5 , the authentication token may include 'second door', which is identification information about the second door, and an authority value '0' indicating that the second door has no authority.

Authentication tokens according to some embodiments of the present invention may omit authority values. In this case, the door opening/closing device 3000 may determine whether or not there is authority based on whether the authentication token includes identification information on the corresponding door opening/closing device 3000 or door 4000 having received the authentication token. . For example, the door opening/closing device 3000 may determine that the authentication token has authority when identification information on the corresponding door opening/closing device 3000 or door 4000 having received the authentication token is included.

Authorization information according to some embodiments of the present invention may be information about the authority to use a function.

Authorization information may include authorized functions and electronic devices. Alternatively, the authority information may include functions and electronic devices registered in the authentication server 1000 .

Even in this case, the authority information may include identification information capable of identifying functions and electronic devices, similarly to the embodiment of the door opening and closing device 3000 . In addition, the authority information may include an authority value indicating whether or not authority for functions and electronic devices is present.

Also, the authentication token may include an authentication validity condition.

An authentication token may be valid for a limited period after issuance. Whether an authentication token is valid up to a point in time may depend on authentication validity conditions.

According to some embodiments of the present invention, whether the authentication token is valid may be determined by at least one of the terminal 2000 and the door opening/closing device 3000 . Also, whether the authentication token is valid may be determined based on a validity condition.

In addition, the authentication token may further include authentication token status information indicating whether the current authentication token is valid or expired. Authentication token state information may be changed according to the valid or expired state of the authentication token.

According to some embodiments of the present invention, the terminal 2000 may set authentication token state information to expire when it is determined that the authentication token has expired. Also, according to some embodiments of the present invention, the terminal 2000 may reject transmission of the authentication token to the door opening/closing device 3000 when it is determined that the authentication token has expired.

Hereinafter, an authentication valid condition of an authentication token according to some embodiments of the present invention will be described by way of example.

The validity condition of the authentication token is a condition used to determine whether the corresponding authentication token is valid, and the authentication validity condition may include at least one of the validity time, the location of the user terminal, the number of times of use, and whether or not a request from the authentication server has been made. and, depending on selection, may be provided in a combination thereof. When the authentication valid condition is provided as a combination of various conditions, it may be implemented so that the authentication token is determined to be valid when all of the included conditions are satisfied. Alternatively, when the authentication valid condition is provided as a combination of various conditions, the authentication token may be determined to be valid when at least one of the included conditions is satisfied.

These validity conditions can be equally applied to all authentication tokens. In addition, it may be differently assigned to each issuing subject or grade according to selection.

A validity condition of an authentication token according to some embodiments of the present invention may be an authentication time. Here, the valid time represents a predetermined time during which the authentication token can be valid, and for example, the valid time may start from the issuance time of the token. Also, the predetermined time may be preset in the authentication server.

For example, an authentication token may include an expiration time such that it is valid for 6 hours from the time of issuance. The authentication token may include time information about the time of issuance and information about how much time elapses from the time of issuance until it is valid. The entity determining whether the authentication token is valid may determine whether the authentication token is valid based on whether the current time for determining whether the authentication token is valid is after the valid time has elapsed from the time of issuance of the authentication token. For a more specific example, if the issuance time of the authentication token is 00:00 and the validity condition from the issuance time is within 6 hours from the issuance time, the door opening/closing device 3000 determines whether the authentication token is valid or not is 5:00. It may be determined that the token is valid, and when the current time for determining validity of the authentication token is 7:00, it may be determined that the authentication token is invalid. Here, the authentication judging subject may be at least one of the authentication server 1000, the terminal 2000, and the door opening/closing device 3000 as a configuration for determining whether or not to authenticate.

For another example, the authentication token may include elapsed time information for determining whether a certain amount of time has elapsed from the time of issuance. When a value according to the elapsed time information gradually increases and reaches a threshold value determined to be expired, the authentication token may be determined to be expired. Conversely, when the value according to the elapsed time information gradually decreases and reaches a threshold according to the selection, it may be determined that the authentication token has expired.

A validity condition of an authentication token according to some embodiments of the present invention may be a location.

When the validity condition is location, the authentication token may be valid only in a predetermined location. That is, it may be determined that the authentication token has expired when it is out of a predetermined location. When the validity condition of the authentication token is location, whether the authentication token is valid may be determined based on location information obtained from the location information collecting unit 2400 .

When the determining subject is not the terminal 2000 but the authentication server 1000 and the door opening/closing device 3000, the terminal 2000 may determine whether the authentication token is valid or not based on the location information of the terminal 2000. It is possible to provide location information to the judging subject. The location information may be at least one of location information on the location of the terminal at the time of issuance of the authentication token and the current location of the terminal.

For example, when the location range included in the valid condition is within the range of 100 m based on the company building, the door opener 3000 determines that the authentication token is invalid if the location where the authentication token is issued is out of the location range included in the valid condition. can be judged to be

For another example, when the location range included in the valid condition is within the range of 100 m based on the company building, the door opening/closing device 3000 compares the location information obtained from the terminal 2000 with the location range included in the valid condition. If the location information is out of the location range included in the validity condition, it may be determined that the authentication token is invalid.

For another example, when it is determined that the current location information is out of the location range included in the validity condition, the terminal 2000 may determine that the authentication token is in an expired state and change the state of the authentication token to expired.

The range of locations included in these valid conditions may be differently assigned to each issuing subject or grade.

In addition, the predetermined location may be a predetermined area based on a specific location as well as one location. For example, as shown in FIG. 5 , when a valid condition is a location, the valid condition may include a range of location information.

A validity condition of an authentication token according to some embodiments of the present invention may be the number of times of use. Here, the use of the authentication token may be an operation of transmitting the authentication token to the service provider. Alternatively, use of the authentication token may be authorized after transmitting the authentication token to the service provider. When the validity condition is the number of uses, the authentication token may be valid only for a predetermined number of uses. That is, when the predetermined number of uses is exceeded or when the predetermined number of uses is exhausted, it may be determined that the authentication token has expired. Also, the authentication token may include information capable of determining the number of uses. Information capable of determining the number of uses does not necessarily have to be included in the authentication token, and may be provided as information separate from the authentication token.

For example, if the number of uses of the valid condition is 5 times, and the authentication token is transmitted to the door opening/closing device 3000 5 times, it may be determined that the authentication token has expired.

For another example, if the number of times of use of the valid condition is 7, the authentication token may be determined to be expired when the authentication token is transmitted to the door opening/closing device 3000 and approval for door opening 7 is obtained.

For another example, if the number of uses of the valid condition is 3 times and the authentication token is sent to the door opening/closing device (3000), the access authentication fails (for example, if the rejection message is received 3 times) the authentication token may be considered expired.

According to some embodiments of the present invention, the authentication token may include access status information.

Access state information may be information for determining whether a user has entered or exited. More various embodiments related to access status information will be described in detail in 4.2 Access Status Management Method.

According to some embodiments of the invention, an authentication token may include issuer information.

The issuer information may be identification information for identifying the authentication server 1000 that issued the authentication token. The issuer information may be identification information for identifying a service provider that operates the authentication server 1000 that issued the authentication token. Issuer information can be used to determine whether an authentication token is issued from a legitimate issuer to prevent hacking and counterfeiting.

According to some embodiments of the present invention, an authentication token may include recipient information.

The authentication token may be issued for at least one of the user and the terminal 2000 .

Accordingly, the recipient information may be information for identifying who issued the authentication token. The recipient information may include at least one of user identification information and terminal identification information.

According to some embodiments of the present invention, an authentication token may include authentication token status information.

The authentication token state information may be information indicating whether the authentication token is in a 'valid' state or an 'expired' state.

3.2 Issuance of Authentication Tokens

3.2.1 User registration (user registration and permission setting)

Hereinafter, a user registration method according to an embodiment of the present invention will be described with reference to FIG. 6 .

User registration described below may be registering at least one of information about a user using the access control system 10000 and a user terminal 2000a that the user intends to use in the authentication server 1000 .

6 is a flowchart of a user registration method according to an embodiment of the present invention.

Referring to FIG. 6, the user registration method according to an embodiment of the present invention includes obtaining user information (S100), registering user information (S110), and setting authority for user information (S140). can include

According to some embodiments of the present invention, obtaining user information may be performed (S110). Acquiring user information may be a step in which the authentication server 1000 obtains at least one of user information and terminal identification information.

The authentication server 1000 may obtain user information in various ways.

The authentication server 1000 may obtain user information from the user terminal 2000a. Also, the authentication server 1000 may obtain user information from the third party authentication server 5000 .

When the authentication server 1000 obtains user information from the user terminal 2000a, the authentication server 1000 may receive and obtain user information from the user terminal 2000a. For example, the user terminal 2000a may acquire user information by receiving user information from a user, and may transmit the acquired user information to the authentication server 1000 .

When the authentication server 1000 obtains user information from the third-party authentication server 5000 designated by the user, the authentication server 1000 provides the user information from the user terminal 2000a. ) information can be obtained. The authentication server 1000 may acquire user information by requesting provision of user information to the third party authentication server 5000 .

Acquisition of user information described above is only an example for convenience of description, and is not limited thereto, and various methods of providing user information that are commonly used may be used.

Also, according to some embodiments of the present invention, a step of registering the acquired user information may be performed (S110). Registering user information may be initiated by the authentication server 1000 . Registration of user information may be to assign unique user identification information for a subject to be issued, match it with user information, and store it.

User information given to the issuing target may be arbitrarily determined by the authentication server 1000 . In addition, the authentication server 1000 may grant the user identification information requested from the user terminal 2000a to the issuer.

The authentication server 1000 may transmit user identification information to the user terminal 2000a so that the user can recognize the user identification information.

Also, the authentication server 1000 may set a security key corresponding to user identification information. A security key corresponding to user identification information may be obtained from the user terminal 2000a. In addition, user identification information may be obtained by generating a corresponding security key by the authentication server 1000 . When the security key is generated and set by the authentication server 1000, the authentication server 1000 may transmit the security key set to the user terminal 2000a so that the user can recognize the security key.

Also, according to some embodiments of the present invention, a step of setting authority for registered user information may be performed (S130). Setting authority for user information may be initiated by the authentication server 1000 .

Authority setting may be set based on authority setting information as described above in the overview of authentication tokens.

The authentication server 1000 may store user information and authority information corresponding to the user information.

3.2.2 User authentication and token issuance

Hereinafter, a user authentication and token issuance method according to an embodiment of the present invention will be described with reference to FIG. 7 .

7 is a flowchart of an authentication token issuance method according to an embodiment of the present invention.

7, obtaining authentication token issuance request information (S200), performing user authentication (S210), generating an authentication token (S220), and transmitting the authentication token to a user terminal (S230). ) may be included.

According to some embodiments of the present invention, obtaining authentication token issuance request information may be performed (S200). Acquiring authentication token issuance request information may be a step in which the authentication server 1000 obtains authentication token issuance request information from the user terminal 2000a.

The authentication token issuance request information may include user identification information and a security key.

Accordingly, the authentication server 1000 may obtain user identification information and a security key from the user terminal 2000a.

According to some embodiments of the present invention, a step of performing user authentication may be performed (S210).

The authentication server 1000 may determine whether the user of the user terminal 2000a requesting issuance of the authentication token is a legitimate user.

The authentication server 1000 may determine whether the user is a legitimate user based on whether the acquired user identification information and a security key corresponding to the user identification information are valid.

The authentication server 1000 may determine whether user identification information acquired from the user terminal 2000a and a security key corresponding to the user identification information are valid.

The authentication server 1000 may determine that the user identification information acquired from the user terminal 2000a is valid when it is registered in advance.

In addition, the authentication server 1000 may determine that the security key is valid when the obtained security key matches the user identification information and corresponds to the stored security key.

The authentication server 1000 may determine a valid user when both the acquired user identification information and the security key are valid.

In addition, the authentication server 1000 may obtain at least one of user information, user identification information, and a security key from the third party authentication server 5000 to determine whether the user is a valid user.

In addition, the authentication server 1000 may obtain an authentication result from the third party authentication server 5000 to determine whether the user is a valid user.

When it is determined that the authentication server 1000 is not a legitimate user, the authentication server 1000 may transmit a message informing that authentication has failed to the user terminal 2000a.

According to some embodiments of the present invention, generating an authentication token may be performed (S220).

The authentication server 1000 may generate an authentication token to be transmitted to the user terminal 2000a if the user is a valid user. The authentication server 1000 may generate an authentication token based on authority information granted to user identification information.

According to some embodiments of the present invention, a step of transmitting the authentication token to the user terminal 2000a may be performed (S230).

The authentication server 1000 may transmit the generated authentication token to the user terminal 2000a. In addition, the authentication server 1000 may generate a renewal token corresponding to the authentication token and transmit it to the user terminal 2000a.

3.3 Renewal of Tokens

3.3.1 Renewal Token

As described above, validity or expiration of the authentication token may be determined according to predetermined conditions.

That is, conditions such as valid time, when the authentication token is valid, and under what conditions may be set in the authentication token. If these validation conditions are not met, the authentication token must be renewed or reissued.

Renewal tokens according to some embodiments of the invention may be used for renewal of authentication tokens. Renewal tokens can be used to renew with a new authentication token before or after the authentication token expires. When there is no renewal token When an authentication token has expired, the hassle of having to be authenticated again to reissue an authentication token may occur. In order to solve this inconvenience, while the renewal token is valid, it is possible to increase user convenience by allowing the authentication token to be issued as a new token using the renewal token without separate authentication.

The renewal token may include renewal token identification information, renewal conditions, authentication token identification information for a corresponding authentication token, and validity conditions of the renewal token.

The renewal token identification information may be information for identifying a plurality of issued renewal tokens.

The renewal condition may be a condition for renewing an authentication token. Renewal conditions will be described in detail in 4.4 Renewal of Authentication Token, which will be described later.

Corresponding authentication token identification information may be identification information on an authentication token to be renewed through an update token.

Renewal tokens may contain validity conditions.

For example, a renewal token may be valid for a limited period after issuance. Up to what point the renewal token is valid may depend on the validity conditions.

Validity conditions of the renewal token may include the time elapsed from the time of issuance, the number of renewals, the location of the user terminal, and a request from an authentication server.

Validity conditions of renewal tokens may apply mutatis mutandis to valid conditions of authentication tokens.

According to some embodiments of the present invention, the validity condition of the renewal token may be an elapsed time from the issuance time.

For example, renewal tokens may include an expiration time such that they are valid for 6 hours from the time of issuance. The renewal token may include time information about the time of issuance and information about how much time has elapsed from the generation time until it is valid. The subject determining whether the renewal token is valid may determine whether the renewal token is valid based on whether the current time for determining the validity of the renewal token is after the valid time has elapsed from the time of issuance of the renewal token. As a more specific example, if the issuance time of the renewal token is 00:00 and the valid condition from the issuance time is within 6 hours from the issuance time, the terminal 2000 determines whether the renewal token is valid or not is 5:00. It may be determined that the renewal token is valid, and if the current time for determining validity of the renewal token is 7:00, it may be determined that the renewal token is invalid. Here, the validation subject may be at least one of the authentication server 1000, the terminal 2000, and the door opening/closing device 3000 as a configuration for determining whether the renewal token is valid.

For another example, the renewal token may include elapsed time information for determining whether a certain amount of time has elapsed from the time of issuance. When a value according to the elapsed time information gradually increases and reaches a threshold value determined to be expired, the renewal token may be determined to be expired. Conversely, when the value according to the elapsed time information gradually decreases and reaches a threshold according to the selection, the renewal token may be determined to be expired.

According to some embodiments of the present invention, the validity condition of the renewal token may be the number of renewals.

For example, if the number of times of use of the validity condition is 5 times and the renewal token is transmitted to the authentication server 1000 5 times to renew the authentication token, the renewal token may be determined to be expired.

For another example, if the number of times of use of the validity condition is 7 times, if the renewal token is transmitted to the authentication server 1000 and the authentication token renewed 7 times is acquired, the renewal token may be determined to be expired.

For another example, if the number of uses of the validity condition is 3 times and the renewal token is transmitted to the authentication server 1000 and a rejection message is received 3 times, the renewal token may be determined to be expired. According to some embodiments of the present invention, the validity condition of the renewal token may be the location of the terminal 2000 .

When the terminal 2000 is in a predetermined location, the renewal token may be determined to be valid, and when the terminal 2000 is out of the predetermined location, it may be determined to be invalid.

When the determining subject is the authentication server 1000 instead of the terminal 2000, the terminal 2000 is configured to allow the authentication server 1000 to determine whether the renewal token is valid based on the location information of the terminal 2000. The authentication server ( 1000) may be provided with location information. The location information may be at least one of location information on the location of the terminal at the time the update token is issued and the current location of the terminal. In the case of the renewal token, since the renewal token is also issued while the initial authentication token is issued, the location information at the time of issuance of the authentication token and the location at the time of issuance of the renewal token may be the same. Accordingly, location information at the time of issuance of the renewal token may be replaced with location information at the time of issuance of the authentication token.

For example, when the location range included in the valid condition is within the range of 100 m based on the company building, the door opener 3000 determines that the renewal token is invalid if the location where the renewal token is issued is out of the location range included in the valid condition. can be judged to be

For another example, when the location range included in the valid conditions is within a range of 100 m based on the company building, the door opening/closing device 3000 compares the location information obtained from the terminal 2000 with the location range included in the valid conditions. If the location information is out of the location range included in the validity condition, it may be determined that the update token is invalid.

For another example, when it is determined that the current location information is out of the location range included in the valid condition, the terminal 2000 may determine that the renewal token is in an expired state and change the status of the authentication token to expired. Renewal token If it is determined that is not valid, the authentication server 1000 may reject renewal of the authentication token.

3.3.2 Renewal of authentication tokens (renewal tokens Example )

Authentication tokens may be renewed according to some embodiments of the invention.

Renewal of an authentication token may mean receiving a new authentication token from an authentication server. The newly issued authentication token may have the same authority information as the previously issued authentication token. However, when a change occurs in authority, the authority information of the newly issued authentication token and the previously issued authentication token may be different.

In addition, the newly issued authentication token may have a different validity period from the previously issued authentication token.

The terminal 2000 may request renewal of the authentication token by transmitting the renewal token to the authentication server 1000 .

The authentication server 1000 may transmit an authentication token corresponding to the received renewal token to the terminal 2000 .

According to some embodiments of the present invention, renewal conditions may be set in the renewal token.

According to some embodiments of the present invention, when an authentication token expires, a renewal token may be transmitted to the authentication server 1000 to request renewal.

For example, when it is determined that the authentication token has expired, the terminal 2000 may request renewal of the authentication token by transmitting a renewal token to the authentication server 1000 . For another example, when receiving an expiration message notifying that the authentication token has expired from the door opening/closing device 3000, the terminal 2000 may request renewal of the authentication token by transmitting a renewal token to the authentication server 1000.

According to some embodiments of the present invention, a predetermined time may be set as a renewal condition in the renewal token.

The terminal 2000 may request renewal by transmitting the renewal token to the authentication server 1000 when a predetermined time elapses from the issuance of the renewal token.

When the renewal time arrives, the authentication token can be sent to the authentication server to request renewal.

The renewal token may include time information remaining until the renewal time. When the remaining time included in the renewal token is deducted to a predetermined renewal time point, renewal of the authentication token may be requested by transmitting the renewal token to the authentication server.

For example, if the remaining time of 1000 seconds is information on the renewal token, renewal of the authentication token may be requested by transmitting the renewal token to the authentication server at the renewal time point from 1000 seconds to 0 seconds.

For another example, when a time of 1000 seconds is set in the renewal token, renewal of the authentication token may be requested by transmitting the renewal token to the authentication server every time 100 seconds are deducted.

According to some embodiments of the present invention, the disclosed authentication token may be updated after determining whether to perform the update based on the location.

When the user terminal enters a predetermined location, the renewal token may be transmitted to the authentication server 1000 to request renewal of the authentication token.

According to some embodiments of the present invention, the disclosed authentication token may be updated by determining whether or not to perform the renewal according to a user request.

When a user input requesting renewal is input, the terminal 2000 may request renewal of the authentication token by transmitting the renewal token to the authentication server 1000 .

According to some embodiments of the present invention, renewal of the disclosed authentication token may be determined depending on whether communication is connected between the terminal 2000 and the door opening/closing device 3000 .

In one embodiment, the authentication token may be renewed when communication is connected between the terminal 2000 and the door opening/closing device 3000 . In this case, the updated authentication token may be transmitted to the door opening and closing device 3000 .

When communication is established with the door opening/closing device 3000, the terminal 2000 may request renewal of the authentication token by transmitting the renewal token to the authentication server 1000.

The terminal 2000 may transmit the updated authentication token to the door opening/closing device 3000 .

According to some embodiments of the present invention, the disclosed authentication token may be updated when a door open/close decision result is received from the door opening/closing device 3000 . For example, the terminal 2000 may transmit an authentication token to the door opening/closing device 3000 to receive a result of determining whether the door is open or not.

Upon receiving the result of determining whether the door is open from the door opening/closing device 3000, the terminal 2000 may request renewal of the authentication token by transmitting the renewal token to the authentication server.

Renewal tokens according to some embodiments of the present invention may be renewed according to predetermined conditions. According to some embodiments of the present invention, both the authentication token and the renewal token may expire according to the validity conditions described above. If both the authentication token and the renewal token have expired, the authentication token and renewal token may need to be reissued through re-authentication. When both the authentication token and the renewal token expire, the authentication server 1000 may issue the authentication token and renewal token to the terminal 2000 after performing user authentication.

According to some embodiments of the invention, the refresh token may be renewed.

When the validity period of the renewal token is within a predetermined time, the renewal token may be renewed.

For example, when the authentication server 1000 obtains a renewal token from the terminal 2000 to renew the authentication token, if the remaining period until expiration of the renewal token is within a predetermined period, the authentication server 1000 renews the renewal token to the terminal 2000. can transmit Renewal of the renewal token of the authentication server 1000 may be an initialization of a period remaining until expiration.

For another example, when the remaining period until expiration of the renewal token is within a predetermined period, the terminal 2000 may request renewal of the renewal token by transmitting the renewal token to the authentication server 1000 .

According to some embodiments of the present invention, when the terminal 2000 is in a predetermined location, the update token may be renewed.

According to some embodiments of the present invention, the initiated renewal token may be updated by determining whether or not to perform renewal according to a user request.

When a user input requesting renewal of the renewal token is input, the terminal 2000 may request renewal of the authentication token by transmitting the renewal token to the authentication server 1000 .

After determining whether the received renewal token is valid, the authentication server 1000 may transmit an authentication token corresponding to the renewal token to the terminal 2000 if it is valid. In addition, when the received renewal token is not valid, the authentication server 1000 may determine that renewal is not possible and transmit a message indicating that renewal is not possible to the terminal 2000 .

The authentication server 1000 may determine whether the renewal token is valid based on the time elapsed from the issuance time, the location of the terminal 2000, and the number of renewals of the renewal token.

Also, the authentication server 1000 may obtain location information of the terminal 2000 from the terminal 2000 in order to determine whether the renewal token is valid based on the location of the terminal 2000 .

4. Utilization of authentication tokens

In the access control system 10000 of the present invention, various operations can be performed using the acquired authentication token.

Hereinafter, various detailed embodiments of the access control system 10000 will be described in more detail.

However, in the following, for convenience of description, a process after the user terminal 2000a obtains an authentication token from the authentication server 1000 will be described in detail, and the user terminal 2000a obtains the authentication token from the authentication server 1000. The acquisition process is described in “3. Authentication Torque and Renewal Token” above, so a detailed description thereof will be omitted.

4.1. door Open management method

In the conventional access control system, a server for managing access and an access control device are provided, and when a user requests access, the server for managing access and the access control device are organically linked to determine whether or not to allow access.

In such a conventional system, the server managing access and the access control device must maintain communication and must perform their respective roles to determine whether or not to allow access. If a problem occurs in communication between the server managing access and the access control device, a problem occurs in which a user cannot access.

Hereinafter, a door opening management method according to an embodiment of the present invention will be described with reference to FIGS. 8 and 9 .

8 is an environment view of a door opening management method according to an embodiment of the present invention.

As exemplarily shown in FIG. 8 , in the door opening management method according to an embodiment of the present invention, the user terminal 2000a transmits an authentication token to the door opening/closing device 3000, and the door opening/closing device 3000 performs authentication. Based on the token, whether or not the door is opened is determined, and when it is determined that there is authority to open the door, the door is opened so that the user of the user terminal 2000a can enter and exit the door 4000.

As described above in 3. Authentication Token and Renewal Token, the authentication token is issued by the authentication server 1000 to the user terminal 2000a, so that the user terminal 2000a acquires the authentication token.

In the door opening management method according to an embodiment of the present invention, the authentication server 1000 is involved in a series of processes in which door opening is requested using an authentication token and the door opening/closing device 3000 determines whether the door is opened. may not

Therefore, unlike the conventional access management system, the door opening management method according to an embodiment of the present invention has an effect that even if the authentication server 1000 is in an inoperable state, if a valid authentication token is possessed, access can be performed without problems. do.

The basic concept of the door opening management method according to an embodiment of the present invention may also be applied to various embodiments to be described below.

Hereinafter, a door opening management method according to a first detailed embodiment of the present invention will be described with reference to FIG. 9 .

9 is a flowchart of a door opening management method according to an embodiment of the present invention.

Referring to FIG. 9 , the door opening management method includes transmitting an authentication token from the user terminal 2000a to the first door opening/closing device 3000a (S300), and determining whether the door is opened by the first door opening/closing device 3000a. Step (S310), first door opening/closing device (3000a) transmitting the opening determination result (S320), first door opening/closing device (3000a) performing a door opening operation (S330), user terminal (2000a) A step of transmitting an authentication token to the second door opening/closing device 3000b (S340), a step of determining whether the door is open by the second door opening/closing device 3000b (S350), the second door opening/closing device 3000b is opened Transmitting the determination result (S360) and performing a door opening operation by the second door opening and closing device (3000b) (S370) may be included.

According to some embodiments of the present invention, a step of transmitting an authentication token from the user terminal 2000a to the first door opening/closing device 3000a may be performed (S300).

The user terminal 2000a may transmit the stored authentication token to the first door opening/closing device 3000a when communication is connected with the first door opening/closing device 3000a. For example, the user terminal 2000a may transmit the automatically stored authentication token to the first door opening/closing device 3000a even without a separate user request.

Alternatively, the user terminal 2000a may transmit the stored authentication token to the first door opening/closing device 3000a when a user's request is input. For example, the user terminal 2000a may notify that communication with the first door opening/closing device 3000a is connected, and the user's authentication token transmission request is input while communication with the first door opening/closing device 3000a is connected. In this case, the stored authentication token may be transmitted to the first door opening/closing device 3000a. For another example, the user terminal 2000a may transmit the stored authentication token to the first door opening/closing device 3000a when communication is connected with the first door opening/closing device 3000a in a state in which a user's authentication token transmission request is input. have. However, when the user terminal 2000a is not connected to the first door opening/closing device 3000a within a predetermined time from the time when the authentication token transfer request is input in order to determine the user's intention to cancel due to incorrect input and situation change, etc. It is determined that the user has an intention to cancel, and the authentication token transfer request can be canceled. When the authentication token transmission request is canceled, the user terminal 2000a may not transmit the stored authentication token to the first door opening/closing device 3000a even though it is connected to the first door opening/closing device 3000a.

Transmission of the stored authentication token described above may mean at least one authentication token among the authentication tokens stored in the user terminal 2000a.

The user terminal 2000a may not transmit the authentication token to the first door opening/closing device 3000a when a valid authentication token does not exist among pre-stored authentication tokens.

Also, according to some embodiments of the present invention, a step of determining whether the door is opened by the first door opening and closing device 3000a may be performed (S310).

Whether or not the door is opened may be determined based on authority included in authentication information.

Authority determination of the door opening and closing device 3000 may be provided in various ways.

A first method may be a method of determining authority when the authority includes door identification information for a door to which an authentication token is assigned.

As a first method, the first door opening/closing device 3000a may determine whether door identification information corresponding to the first door opening/closing device 3000a is included in the authentication token. The first door opening/closing device 3000a may determine that the authentication token has authority when door identification information corresponding to the first door opening/closing device 3000a is included.

The second method may be a method of determining authority when the authentication token includes at least one of door identification information with authorization and door identification information without authorization, and authorization information for the authentication token.

In the second method, the first door opening/closing device 3000a may determine whether the authentication token includes the authority for the door corresponding to the first door opening/closing device 3000a.

The first door opening/closing device 3000a may determine whether first door identification information corresponding to the first door opening/closing device 3000a is included in the authentication token. In addition, the first door opening and closing device 3000a may determine whether the authority corresponding to the corresponding first door identification information is the authority to pass through the door.

In addition, the first door opening and closing device 3000a may determine whether the door is opened by further considering whether or not the authentication token is valid. When the validity period included in the authentication token has expired, the first door opening and closing device 3000a may determine that there is no right to open the door.

In addition, according to some embodiments of the present invention, a step of transmitting the open determination result of the first door opening and closing device 3000a may be performed (S320).

The first door opening/closing device 3000a may transmit an opening determination result to the user terminal 2000a.

When it is determined that the first door opening and closing device 3000a has the right to open, it may transmit permission information indicating that it has the right to open to the user terminal 2000a. In addition, the first door opening and closing device 3000a may output at least one of audible and visual information through a separate output unit, thereby notifying the outside that it is determined to be authorized.

In addition, when it is determined that the first door opening and closing device 3000a does not have the right to open, it may transmit a message indicating that the door cannot be opened to the user terminal 2000a.

Step S320 described above is not necessarily essential and may be omitted according to some embodiments. In addition, the execution of step S320 does not necessarily precede step S330, which will be described later, and may be performed during step S330 or after step S350 according to some embodiments.

Also, according to some embodiments of the present invention, a step of performing a door opening operation by the first door opening and closing device 3000a may be performed (S330).

When it is determined that the authentication token includes the authority to open the door 4000, the first door opening and closing device 3000a may provide power through the door power unit 3600 so that the door is unlocked. In addition, when the door 4000 is an automatic door, the first door opening and closing device 3000a may provide power through the door power unit 3600 so that the door leaf is changed to an open state.

The first door opening and closing device 3000a may provide power through the door power unit 3600 so that the door leaves are in a locked state based on a locking condition after the door leaves are unlocked. The first door opening/closing device 3000a may determine whether the door has returned to the closed state based on the signal acquired from the door sensor unit 3400, and if the door has returned to the closed state, the door is locked. Power may be provided through the door power unit 3600 as much as possible. In addition, the first door opening/closing device 3000a further considers the waiting time for locking and provides power through the door power unit 3600 so that the door leaves the locked state after the waiting time for locking has elapsed even if the door returns to the closed state. have.

Also, according to some embodiments of the present invention, a step of transmitting an authentication token from the user terminal 2000a to the second door opening/closing device 3000b may be performed (S340).

The user terminal 2000a may transmit the stored authentication token to the second door opening/closing device 3000b when communication is connected with the second door opening/closing device 3000b.

Also, according to some embodiments of the present invention, a step of determining whether the door is opened by the second door opening and closing device 3000b may be performed (S350).

The second door opening/closing device 3000b may determine whether door identification information corresponding to the second door opening/closing device 3000b is included in the authentication token. The second door opening and closing device 3000b may determine that it has authority to open the door 4000 when the authentication token includes door identification information corresponding to the second door opening and closing device 3000b.

The second door opening and closing device 3000b may determine whether the authentication token includes the right to open the door 4000 corresponding to the second door opening and closing device 3000b.

The second door opening and closing device 3000b may determine whether second door identification information corresponding to the second door opening and closing device 3000b is included in the authentication token. In addition, the second door opening and closing device 3000b may determine whether the authority corresponding to the corresponding second door identification information is the authority to open the door.

In addition, according to some embodiments of the present invention, a step of transmitting the open determination result of the second door opening and closing device 3000b may be performed (S360).

The second door opening and closing device 3000b may transmit an authority determination result to the user terminal 2000a.

The second door opening and closing device 3000b may transmit permission information indicating that it is determined that there is an opening authority to the user terminal 2000a when it is determined that there is an opening authority as a result of the authority determination. In addition, the second door opening and closing device 3000b may output at least one of auditory and visual information through a separate output unit, thereby notifying the outside that it is determined that there is an opening right.

In addition, when it is determined that the second door opening and closing device 3000b does not have the right to open, it may transmit a message informing that the door cannot be opened to the user terminal 2000a.

Also, according to some embodiments of the present invention, a step of performing a door opening operation by the second door opening and closing device 3000b may be performed (S370).

When it is determined that the authentication token includes the authority to open the door 4000, the second door opening/closing device 3000b may provide power through the door power unit so that the door leaf is unlocked. In addition, when the door 4000 is an automatic door, the second door opening and closing device 3000b may provide power through the door power unit 3600 so that the door leaf is changed to an open state.

The second door opening and closing device 3000b may provide power through the door power unit 3600 so that the door leaves are in a locked state based on the lock condition after the door leaves are unlocked. The second door opening and closing device 3000b may determine whether the door leaf has returned to the closed state based on the signal obtained from the door sensor unit 3400, and if the door leaf has returned to the closed state, the door leaf is closed. Power may be provided through the door power unit 3600 as much as possible. In addition, the second door opening and closing device 3000b further considers the waiting time for locking and provides power through the door power unit 3600 so that the door leaves the locked state after the waiting time for locking has elapsed even if the door returns to the closed state. have.

Accordingly, in the access request and permission according to the first detailed embodiment of the present invention, the user terminal 2000a may open the authorized door 4000 using the authentication token acquired from the authentication server 1000. As a result, the user terminal 2000a among the plurality of doors 4000 can freely enter and exit the authorized door without performing additional authentication with the authentication server 1000 when the stored authentication token is valid.

4.2. Access status management method

Hereinafter, an access state management method according to an embodiment of the present invention will be described with reference to FIGS. 10 to 17 .

In the following description of the access state management method according to an embodiment of the present invention, the same contents as the door opening management method according to an embodiment of the present invention described above, such as opening a door, will be omitted or briefly described. .

10 is an environment diagram of an access state management method according to an embodiment of the present invention.

As shown in FIG. 10 , a first door communication unit 3110 may be provided outside the door 4000 and a second door communication unit 3120 may be provided inside the door.

Also, as shown in FIG. 10 , the first door communication unit 3110 and the second door communication unit 3120 may be connected to the door control unit 3700 .

The arrangement environment of the first door communication unit 3110 and the second door communication unit 3120 shown in FIG. 10 is only an example for convenience of description, and is not limited thereto, and the installation position is changed according to selection or the door first communication unit 3110 ) and the door second communication unit 3120, only one door communication unit may be provided, and an additional configuration such as a door third communication unit may be further added.

In addition, separate door opening and closing devices 3000 may be provided on the inside and outside depending on the implementation environment. For example, the first door opening and closing device 3000a may be provided on the outside and the second door opening and closing device 3000b may be provided on the inside.

Also, depending on the implementation environment, one door communication unit 3100 controlling both the inside and outside may be provided. In this case, it is possible to determine whether the user enters from the outside to the inside or goes from the inside to the outside by grasping the distance and direction between the door communication unit 3100 and the user terminal 2000a.

Hereinafter, in describing the access state management method and its modifications according to the present invention, it will be described with reference to the installation environment of FIG. 10 for convenience of explanation.

Referring to FIG. 10 , management of whether a user legitimately uses the access control system may be a very important issue in the access control system.

For example, in an automated access control system, when a plurality of users try to pass through the door 4000, the user of the first user terminal 2000a' passes through the door after determining the access authority using the authentication token, and the second user terminal passes through the door. The user of (2000a'') passes through the door 4000 opened by the user of the first user terminal (2000a') without determining the access authority, and the user of the second user terminal (2000a'') enters the door (4000). There may be a problem that the history passed through is not managed.

In order to prevent this problem, in the access status management method according to an embodiment of the present invention, it is possible to determine whether or not there has been unauthorized access based on the access status information by adding access status information. can reject For example, when an entering user passes through a door through access authentication, the user's access state is changed from entry to entry. When such a user intends to enter again, the door opening/closing device 3000 can open the door 4000 and pass through the door 4000 if authorized because the entry/exit state is legitimate.

On the other hand, if a user who needs to enter passes through without access authentication, the user's access state is maintained as entry. When such a user tries to enter again, the door opening/closing device 3000 may refuse to open the door 4000 even if the user has authority because the entry/exit state is not legitimate. According to some embodiments of the present invention, since such a user needs to request the authentication server 1000 to reissue the access status, the authentication server 1000 can separately manage it.

Hereinafter, an access state management method and modified examples according to an embodiment of the present invention will be described in detail with reference to FIGS. 11 to 17 .

11 is a flowchart illustrating a method for managing an access state according to an embodiment of the present invention.

Referring to FIG. 11, the access state management method includes transmitting an authentication token and access state information (S400), determining whether the door is open (S410), changing the access state (S420), and displaying the changed access state information. It may include transmitting (S430), performing a door opening operation (S440), and transmitting a rejection message (S450).

According to some embodiments of the present invention, a step of transmitting the authentication token and first access state information from the user terminal 2000a to the first door communication unit 3110 may be performed (S400).

When communication with the first door communication unit 3110 is established, the user terminal 2000a may transmit the stored authentication token and first access state information to the first door communication unit 3110 . Connection of communication between the user terminal 2000a and the first door communication unit 3110 may mean that communication is connected between the user terminal 2000a and the door opening/closing device 3000 .

The user terminal 2000a may transmit automatically stored authentication tokens and first access state information to the door first communication unit 3110 even without a separate user request.

Alternatively, the user terminal 2000a may transmit the stored authentication token and first access state information to the door first communication unit 3110 when a user's request is input. For example, the user terminal 2000a may notify that communication with the first door communication unit 3110 is connected, and when a user's authentication token transmission request is input while communication with the first door communication unit 3110 is connected, the stored information is stored. The authentication token and first access state information may be transmitted to the door first communication unit 3110 . For another example, the user terminal 2000a transmits the stored authentication token and first access state information to the door first communication unit 3110 when communication is connected with the door first communication unit 3110 in a state in which the user's authentication token transmission request is input. ) can be transmitted. However, in order to determine the user's intention to cancel due to erroneous input and situation change, if the user terminal 2000a is not connected to the first door communication unit 3110 within a predetermined time from the time when the authentication token transmission request is input, the user's It is determined that there is an intention to cancel, and the authentication token transfer request can be canceled. When the authentication token transmission request is canceled, the user terminal 2000a may not transmit the stored authentication token to the door first communication unit 3110 even though it is connected to the door first communication unit 3110 .

Transmission of the stored authentication token described above may mean at least one authentication token among the authentication tokens stored in the user terminal 2000a.

Also, according to some embodiments of the present invention, a step of determining whether the door is open may be performed (S410).

The door controller 3700 may obtain an authentication token and access state information through the first door communication unit 3110 .

The door control unit 3700 may determine whether or not to open the door based on the authority included in the authentication token and access state information.

The door controller 3700 may determine whether door identification information corresponding to the door opening/closing device 3000 and/or the door 4000 is included in the authentication token. The door controller 3700 may determine that the authentication token has authority when door identification information corresponding to the door opening/closing device 3000 and/or the door 4000 is included.

The door control unit 3700 may determine whether there is authority in consideration of door identification information and authority values.

The door control unit 3700 may determine whether the authentication token includes authority for the door opening/closing device 3000 and/or the door corresponding to the door 4000.

The door controller 3700 may determine whether door identification information corresponding to the door opening/closing device 3000 and/or the door 4000 is included in the authentication token. In addition, the door control unit 3700 may determine whether or not the authority included in the authority information corresponding to the corresponding door identification information is the authority to pass through the door.

The door control unit 3700 may determine whether access state information included in authentication information is legitimate.

In an embodiment, the door controller 3700 may determine whether the access state included in the access state information corresponds to the first door communication unit 3110 .

The door control unit 3700 may determine to open the door when the authentication token is authorized and the access state information included in the authentication information corresponds to the door first communication unit 3110 . For example, when the door first communication unit 3110 is installed outside the door and the access status information is entry, the door control unit 3700 may determine that the access status information corresponds to the door first communication unit 3110. .

The door control unit 3700 may determine whether or not to open the door based on various additional criteria in addition to determining the authority based on the authentication token and whether the entry/exit state information is legitimate.

According to some embodiments of the present invention, the door control unit 3700 may determine whether the door is opened by further considering the number of users allowed to enter the space.

The door control unit 3700 may calculate the number of users who have entered the current space. The door control unit 3700 may calculate the number of users currently entering by subtracting the number of users entering from the number of users exiting. For example, the door control unit 3700 may calculate the number of users currently entering by deducting a case in which the entry/exit status is 'entry' when the door is opened from a case in which the access status is 'entry' when the door is opened.

The door control unit 3700 may determine that the door cannot be opened when the number of users currently entering is greater than or equal to a predetermined maximum number of entering users.

Also, according to some embodiments of the present invention, a step of changing an access state may be performed (S420).

The door control unit 3700 may change access state information when it is determined that the door is open as a result of the determination.

For example, the door control unit 3700 may change the access status information when it is determined that the authentication token includes the authority to pass through the door and the access status information is legitimate. For a more specific example, the door control unit 3700 may change entry/exit state information of an exit route when the entry/exit state information is entry.

Also, according to some embodiments of the present invention, a step of transmitting the changed access state information may be performed (S430).

The door controller 3700 may control access state information to be transmitted to the user terminal 2000a.

In addition, the door control unit 3700 may control to transmit an opening determination result to the user terminal 2000a.

When it is determined that there is authority as a result of the authority determination, the door control unit 3700 may transmit permission information indicating that it is determined to have authority to the user terminal 2000a. In addition, the door control unit 3700 may output at least one of auditory and visual information through a separate output unit, thereby notifying the outside that the information is determined to be authorized.

In addition, the door control unit 3700 may transmit a message informing that door opening is impossible to the user terminal 2000a when it is determined that there is no right to open the door as a result of the determination.

Also, according to some embodiments of the present invention, a step of performing a door opening operation may be performed (S440).

The door control unit 3700 may control the door power unit 3600 so that the door is unlocked when it is determined that the authentication token includes the authority to open the door.

The door power unit 3600 may provide power so that the door leaves are unlocked. In addition, when the door 4000 is an automatic door, the door control unit 3700 may control the door power unit 3600 to change the door leaf to an open state. In this case, the door power unit 3600 may provide power so that the door leaf is changed to an open state.

The door control unit 3700 may control the door power unit 3600 so that the door is locked based on a locking condition after the door is unlocked. The door control unit 3700 may determine whether the door leaves have returned to the closed state based on the signal obtained from the door sensor unit 3400, and when the doors have returned to the closed state, the door power is applied so that the doors are locked. Power may be provided by controlling the unit 3600 . In addition, the door control unit 3700 may control the door power unit 3600 to lock the door after the waiting time for locking has elapsed even if the door returns to the closed state by further considering the waiting time for locking.

In addition, according to some embodiments of the present invention, if it is rejected as a result of determining whether or not to open the door, a step of transmitting a rejection message may be performed (S450).

The door control unit 3700 may control to transmit an open rejection message to the user terminal 2000a when it is rejected as a result of determining whether to open the door.

The opening rejection message may be a message informing that door opening is impossible.

The open rejection message may further include an open rejection reason. For example, the open refusal message may include reasons for refusal to open, such as no authority, invalid authentication token, expired authentication token, invalid access status, and exceeding the maximum number of access users.

In the access state management method according to an embodiment of the present invention described above, when the door is opened as a result of determining whether the door is open by providing the access state information before the change to the door opening and closing device, the door is opened. When the changed access status information is transmitted to the same first door communication unit 3110 without passing through the door, the door control unit 3700 may refuse to open the door, unlike when the door opening was granted based on the access status information before the change. can

In addition, in the above description, the authentication token is transmitted through the door first communication unit 3110 assuming an entry situation for convenience of explanation, but it is not limited thereto and may be implemented in various ways depending on the installation environment. For example, in an entry situation, an entry/exit state management method may be performed by transmitting an authentication token through the second door communication unit 3120 .

The access state management method according to an embodiment of the present invention described above may be provided with various modifications.

Hereinafter, a modified example of the access state management method will be described with reference to FIGS. 12 to 17 .

Hereinafter, in the description of the modified example of the access state management method, the same codes are used for the same components and steps as the previously described access state management method, and the same steps as the previously described access state management method are described in each step. omit it.

4.2.1. Access status management method - 1st Variation

12 is a flowchart illustrating a first modified example of a method for managing an access state according to an embodiment of the present invention.

Referring to FIG. 12, a first modified example of the access state management method includes transmitting an authentication token (S400), determining whether the door is open (S410), transmitting open determination result information (S500), and opening the door (S500). (S440), requesting renewal of access status information (S510), changing access status information by the authentication server 1000 (S520), and transmitting updated access status information (S530) can be performed.

According to some embodiments of the present invention, a step of transmitting an authentication token from the user terminal 2000a to the first door communication unit 3110 may be performed (S400).

Also, according to some embodiments of the present invention, a step of determining whether the door is opened by the door control unit 3700 may be performed (S410).

Also, according to some embodiments of the present invention, a step of controlling the door control unit 3700 to transmit open determination result information may be performed (S500).

The door control unit 3700 may control transmission of information notifying that opening is permitted to the user terminal 2000a when it is determined that the authentication token includes authority and the entry/exit state is legitimate.

Alternatively, the door control unit 3700 may control transmission of information informing that the opening has been rejected to the user terminal 2000a when it is determined that the authentication token does not include authority or the entry/exit state is not legitimate.

In addition, the door control unit 3700 may control access state information to be transmitted to the user terminal 2000a.

Also, the door control unit 3700 may control transmission of an authentication token to the user terminal 2000a.

Also, according to some embodiments of the present invention, a step of performing a door opening operation may be performed (S440).

Also, according to some embodiments of the present invention, a step of the user terminal 2000a requesting the authentication server 1000 to update access state information may be performed (S510).

When the user terminal 2000a receives information from the door opening/closing device 3000 indicating that opening of the door is permitted, the user terminal 2000a may request the authentication server 1000 to update the access state information.

The user terminal 2000a may request renewal of the access status information by transmitting identification information of a door permitted to open, information notifying that the opening of the door is permitted, and access status information to the authentication server 1000 .

Also, according to some embodiments of the present invention, a step of changing the access status of the access status information received by the authentication server 1000 may be performed (S520).

The authentication server 1000 may update the access status included in the received access status information.

It can be transmitted to the user terminal 2000a. For example, when the access status is entry, the authentication server 1000 may update the access status to entry. For another example, when the access status is exit, the authentication server 1000 may update the access status to entry.

Also, according to some embodiments of the present invention, a step of transmitting the updated access state information by the authentication server 1000 to the user terminal 2000a may be performed (S530).

In the first modified example of the access state management method described above, various additional functions may be added according to circumstances. A first modification of the access state management method may determine whether a user has entered a specific space based on identification information of a door permitted to be opened obtained from the user terminal 2000a.

According to some embodiments of the present invention, when an emergency such as a fire occurs, the authentication server 1000 may determine whether all users have evacuated to the assembly area. The authentication server 1000 may determine whether the user has entered a predetermined assembly point based on identification information of a door permitted to be opened acquired from the user terminal 2000a.

In addition, the authentication server 1000 may transmit an evacuation notification to the user terminal 2000a of a user who has not entered a predetermined assembly point among registered users or users issued with an authentication token. In addition, the authentication server 1000 may transmit information for guiding the location of the predetermined assembly point to the user terminal 2000a of a user who has not entered the predetermined assembly point among registered users or users who have received an authentication token.

4.2.2. Access status management method-2 Variation

13 is a flowchart illustrating a second modified example of an access state management method according to an embodiment of the present invention.

Referring to FIG. 13, a second modified example of the access state management method includes transmitting an authentication token (S400), determining whether a door is open (S410), transmitting open determination result information (S500), and entering or exiting state. A step of requesting renewal of information (S510), a step of allowing the authentication server 1000 to record a time stamp and change access status information (S520), a step of transmitting updated access status information (S530), Transmitting (S540), checking the time stamp (S550), and opening the door (S440) may be performed.

According to some embodiments of the present invention, a step of transmitting an authentication token may be performed (S400).

According to some embodiments of the present invention, a step of determining whether a door is open may be performed (S410).

According to some embodiments of the present invention, a step of transmitting open determination result information may be performed (S500).

According to some embodiments of the present invention, a step of requesting renewal of access state information may be performed (S510).

According to some embodiments of the present invention, a step of performing, by the authentication server 1000, changing time stamp records and access status information may be performed (S520).

The authentication server 1000 may record a time stamp in at least one of an authentication token and access state information.

The authentication server 1000 may record a time stamp based on at least one of a time at which information notifying that door opening is permitted is acquired, a time at which renewal of access state information is requested, and a current period.

According to some embodiments of the present invention, a step of transmitting updated access state information may be performed (S530).

The authentication server 1000 may transmit the updated access state information to the user terminal 2000a. Also, when the authentication server 1000 obtains the authentication token from the user terminal 2000a, it may transmit the authentication token to the user terminal 2000a. Also, when the time stamp is recorded in the authentication token, the authentication server 1000 may transmit the updated authentication token having the time stamp recorded thereon to the user terminal 2000a.

In addition, the authentication server 1000 may separately transmit access state information and time stamp separately.

According to some embodiments of the present invention, a step of transmitting a time stamp may be performed (S540).

The user terminal 2000a may transmit the time stamp to the door opening/closing device 3000 . For example, as shown in FIG. 13 , the user terminal 2000a may transmit a time stamp to the door first communication unit 3110 .

The user terminal 2000a may transmit the independently provided time stamp to the door opening/closing device 3000 .

Alternatively, when the time stamp is included in the access status information, the user terminal 2000a may transmit the time stamp to the door opening/closing device 3000 by transmitting the access status information to the door opening/closing device 3000 .

Alternatively, when the time stamp is included in the authentication token, the user terminal 2000a may transmit the time stamp to the door opening and closing device 3000 by transmitting the authentication token to the door opening and closing device 3000 .

According to some embodiments of the present invention, a step of checking a time stamp may be performed (S550).

The door controller 3700 may check the time stamp.

The door control unit 3700 may check whether a time stamp has been obtained from the user terminal 2000a. For example, the door control unit 3700 may check whether an independent time stamp has been obtained from the user terminal 2000a. For another example, the door control unit 3700 may check whether a time stamp is included in at least one of the authentication token and access state information acquired from the user terminal 2000a.

The door control unit 3700 may check whether the time of the time stamp is valid.

For example, the door control unit 3700 may check whether the time of the time stamp is the time at which the opening determination result is transmitted or after the opening determination result is transmitted. The door control unit 3700 may determine that the time stamp is valid when the time of the time stamp is the time at which the opening determination result is transmitted or after the opening determination result is transmitted.

The door controller 3700 may control the door to be opened when there is no abnormality as a result of the time stamp check.

According to some embodiments of the present invention, a step of opening a door may be performed (S440).

The time stamp described above may be modified in various forms. For example, a time stamp may be provided as a certificate, digital signature, and security key.

4.2.3. Access status management method - 3rd Variation

14 is a flowchart illustrating a third modified example of a method for managing an access state according to an embodiment of the present invention.

Referring to FIG. 14, a third modified example of the access state management method includes transmitting an authentication token (S400), determining whether the door is open (S410), and transmitting the door opening/closing device 3000 as a result of opening determination. (S500), performing a door opening operation (S440), and changing access state information by the user terminal (2000a) (S600).

According to some embodiments of the present invention, a step of transmitting an authentication token from the user terminal 2000a to the first door communication unit 3110 may be performed (S400).

Also, according to some embodiments of the present invention, a step of determining whether the door is open may be performed (S410).

In addition, according to some embodiments of the present invention, a step of transmitting the open determination result may be performed (S500).

The door control unit 3700 may control transmission of information notifying that opening of the door is permitted to the user terminal 2000a.

Alternatively, the door control unit 3700 may control transmission of information notifying that door opening is rejected to the user terminal 2000a.

In addition, the door control unit 3700 may control access state information to be transmitted to the user terminal 2000a.

Also, according to some embodiments of the present invention, a step of performing a door opening operation may be performed (S440).

Also, according to some embodiments of the present invention, a step of updating the access status of the user terminal 2000a may be performed (S600).

The user terminal 2000a may receive access status information and update the received access status information.

The user terminal 2000a may update and store the received access state information. For example, when the entry/exit state is entry, the user terminal 2000a may update and store the entry/exit state as entry. For another example, when the entry/exit state is entry, the user terminal 2000a may update and store the entry/exit state as entry.

4.2.4. Access status management method - 4th Variation

Hereinafter, a fourth modified example of the access state management method according to an embodiment of the present invention will be described with reference to FIG. 15 .

A fourth modified example of the access status management method according to an embodiment of the present invention may be an embodiment in which the authentication server 1000 is requested to reissue the access status information when door development is rejected because the access status information is not legitimate. .

15 is a flowchart illustrating a fourth modified example of an access state management method according to an embodiment of the present invention.

Referring to FIG. 15, a fourth modified example of the access state management method includes transmitting an authentication token (S400), determining whether a door is open (S410), transmitting an open rejection message (S450), and a user terminal ( 2000a) transmitting authentication information and access status information to the authentication server 1000 and requesting renewal of the access status information (S710) and regenerating the access status information by the authentication server 1000 (S710) and the authentication server Step 1000 may include re-issuing the access state information to the user terminal 2000a (S720).

According to some embodiments of the present invention, a step of transmitting an authentication token from the user terminal 2000a to the first door communication unit may be performed (S400).

Also, according to some embodiments of the present invention, a step of determining whether the door is opened by the door opening and closing device 3000 may be performed (S410).

Also, according to some embodiments of the present invention, a step of transmitting an open rejection message by the door opening/closing device 3000 may be performed (S450).

When the access state information does not correspond to the door first communication unit 3110, the door controller 3700 may determine that the access state is invalid and transmit an open rejection message to the user terminal 2000a.

Also, according to some embodiments of the present invention, a step of requesting reissuance of access status information by transmitting authentication information and access status information to the authentication server 1000 by the user terminal 2000a may be performed (S700).

The user terminal 2000a may transmit authentication information and access status information to the authentication server 1000 . Here, the authentication information may include at least one of user information, user identification information, a security key, and an authentication token.

In addition, the user terminal 2000a does not necessarily transmit authentication information and access status information to the authentication server to request reissuance of access status information, but transmits at least one of authentication information and access status information to request reissuance of access status information. can

In addition, when the access status information is included in the authentication token, the transmission of the access status information from the user terminal 2000a to the authentication server 1000 may mean transmitting the authentication token to the authentication server 1000.

In addition, when the access status information is implemented separately from the authentication token, transmission of the access status information from the user terminal 2000a to the authentication server 1000 may mean transmission of only access status information.

Also, according to some embodiments of the present invention, a step of regenerating access state information by the authentication server 1000 may be performed (S710).

The authentication server 1000 may change access state information after performing authentication based on the acquired authentication information.

The authentication server 1000 may regenerate the access status information by changing the access status information when it is determined that the user is a legitimate user as a result of user authentication. For example, when the access status of the received status information is an entry status, the authentication server 1000 may change the access status to exit status.

In addition, the authentication server 1000 may change the access state to a state requested by the user terminal 2000a. For example, when a request is received from the user terminal 2000a to change the access state to entry, the authentication server 1000 may change the access state of state information to entry.

Also, according to some embodiments of the present invention, a step of re-issuing the access status information to the user terminal 2000a by the authentication server 1000 may be performed (S720).

The authentication server 1000 may re-issue the regenerated access state information by transmitting it to the user terminal 2000a. Also, the authentication server 1000 may store a change history.

4.2.5. Access status management method - 5th Variation

Hereinafter, a fifth modified example of the access state management method according to an embodiment of the present invention will be described with reference to FIG. 16 .

A fifth modification of the access state management method according to an embodiment of the present invention may be an embodiment for managing whether or not a user has actually passed through.

For example, an entering user transmits an authentication token to the door first communication unit 3110 installed on the outside, and after being opened, enters the inside of the door and receives access status information of the changed access status from the door second communication unit 3120 installed on the inside. By acquiring, only the user who has actually passed through the door can acquire access state information in which the access state has been changed.

16 is a flowchart illustrating a fifth modified example of a method for managing access conditions according to an embodiment of the present invention.

Referring to FIG. 16, a fifth modification of the access state management method includes transmitting an authentication token (S400), determining whether the door is open (S410), changing the access state (S420), and opening the door. It may include a step (S440) and a step (S800) of transmitting the access state information by the second door communication unit 3120.

According to some embodiments of the present invention, a step of transmitting an authentication token from the user terminal 2000a to the first door communication unit 3110 may be performed (S400).

Also, according to some embodiments of the present invention, a step of determining whether the door is opened by the door control unit 3700 may be performed (S410).

Also, according to some embodiments of the present invention, a step of changing an access state may be performed (S420).

Also, according to some embodiments of the present invention, a step of performing a door opening operation may be performed (S440).

Also, according to some embodiments of the present invention, a step of transmitting the access state information by the second door communication unit 3120 may be performed (S440).

The door controller 3700 may control the second door communication unit 3120 to transmit access state information to the user terminal 2000a.

The door control unit 3700 may control the second door communication unit 3120 to transmit access state information to the user terminal 2000a when the second door communication unit 3120 is connected to the user terminal 2000a.

The door control unit 3700 communicates with the user terminal 2000a through the second door communication unit 3120 within a predetermined time from at least one of the time of receiving the authentication token, the time of determining the opening of the door, the time of changing the access state, and the time of opening the door. If the connection is not established, transmission of access status information may be canceled.

4.2.6. Access status management method-Part 6 Variation

Hereinafter, a sixth modified example of the access state management method according to an embodiment of the present invention will be described with reference to FIGS. 17 and 18.

A sixth modified example may be an embodiment in which doors are provided in a hierarchical structure.

17 is an environment view of a door having a metrological structure according to a sixth modified example of the present invention.

As shown in FIG. 17, a space separated by one door may include a separate inner space. In FIG. 13 , the first door opening/closing device 3000a may be provided on the first door 4000a for separating the outer space from the first inner space, and the second door opening/closing device 3000b may be provided in the first inner space and the second inner space. 2 may be provided in the second door 4000b for separating the inner space.

Accordingly, it is preferable that the state information of the inner space and the upper space are separated from each other and managed.

Hereinafter, a sixth modified example of the access state management method will be described with reference to FIG. 18 .

18 is a flowchart illustrating a sixth modified example of an access state management method according to an embodiment of the present invention.

Referring to FIG. 18, in a sixth modified example of the access state management method, the user terminal 2000a transmits an authentication token to the first door opening/closing device 3000a (S900), and the first door opening/closing device 3000a opens and closes the door. Determining whether it is opened (S910), changing the access status information by the first door opening/closing device (3000a) (S920), transmitting the access status information by the first door opening/closing device (3000a) (S930), Opening the first door 4000a (S440), transmitting the authentication token from the first door opening/closing device 3000a to the second door opening/closing device 3000b (S940), and the second door opening/closing device 3000b Determining whether the door is open (S950), changing the access status information by the second door opening/closing device (3000b) (S960), transmitting the access status information by the second door opening/closing device (3000b) (S970) ) and opening the second door 4000b (S440).

According to some embodiments of the present invention, a step of transmitting an authentication token from the user terminal 2000a to the first door opening/closing device 3000a may be performed (S900).

Also, according to some embodiments of the present invention, a step of determining whether the door is opened by the first door opening and closing device 3000a may be performed (S910).

The first door opening and closing device 3000a may determine whether to open the door based on the authority and access state information included in the authentication token.

The first door opening/closing device 3000a may determine whether door identification information corresponding to the first door opening/closing device 3000a is included in the authentication token. The first door opening/closing device 3000a may determine that the authentication token has authority when door identification information corresponding to the first door opening/closing device 3000a is included.

The first door opening/closing device 3000a may determine whether or not an authorization value for a door corresponding to the first door opening/closing device 3000a is included in the authentication token.

The first door opening/closing device 3000a may determine whether door identification information corresponding to the first door opening/closing device 3000a is included in the authentication token. In addition, the first door opening and closing device 3000a may determine whether the authority value corresponding to the corresponding door identification information is the authority value for passing through the door.

The first door opening/closing device 3000a may determine whether access state information included in the authentication information is legitimate.

The first door opening/closing device 3000a may determine whether the access state of the first door opening/closing device 3000a included in the access state information corresponds to the door communication unit 3100 that obtained the authentication token. Hereinafter, a case in which an authentication token is acquired through the first door communication unit 3110 of the first door opening and closing device 3000a will be described as an example. The first door opening/closing device 3000a may determine whether the entry/exit state corresponds to the first door communication unit 3110 of the first door opening/closing device 3000a.

In the first door opening/closing device 3000a, authority is granted to the authentication token, and at the same time, the entry/exit state of the first door opening/closing device 3000a included in the authentication information is the door first communication unit 3110 of the first door opening/closing device 3000a. ), it may be determined to open the door.

In addition, according to some embodiments of the present invention, a step of changing access state information by the first door opening/closing device 3000a may be performed (S920).

The first door opening/closing device 3000a may change the entry/exit state to the next step. For example, the first door opening/closing device 3000a may change the entry/exit state of an exit route when the entry/exit state is entry.

Also, according to some embodiments of the present invention, a step of transmitting the access state information by the first door opening/closing device 3000a may be performed (S930).

The first door opening/closing device 3000 may transmit access state information in which the access state of the first door opening/closing device 3000 is changed to the user terminal 2000a.

The user terminal 2000a may update the access status of the authentication token with the access status information acquired from the first door opening/closing device 3000a. Alternatively, the user terminal 2000a may discard pre-stored access status information and store access status information obtained from the first door opening/closing device 3000 .

Also, according to some embodiments of the present invention, a step of performing an opening operation on the first door 4000a by the first door opening and closing device 3000a may be performed (S440).

Also, according to some embodiments of the present invention, a step of transmitting an authentication token from the user terminal 2000a to the second door opening/closing device 3000 may be performed (S940).

Also, according to some embodiments of the present invention, a step of determining whether the door is opened by the second door opening and closing device 3000 may be performed (S950).

The second door opening and closing device 3000b may determine whether to open the door based on the authority and access state information included in the authentication token.

The second door opening/closing device 3000b may determine whether door identification information corresponding to the second door opening/closing device 3000b is included in the authentication token. The second door opening and closing device 3000b may determine that there is an authority value when the authentication token includes door identification information corresponding to the second door opening and closing device 3000b.

The second door opening/closing device 3000b may determine whether or not an authorization value for a door corresponding to the second door opening/closing device 3000b is included in the authentication token.

The second door opening/closing device 3000b may determine whether door identification information corresponding to the second door opening/closing device 3000b is included in the authentication token. In addition, the second door opening and closing device 3000b may determine whether the authority value corresponding to the corresponding door identification information is the authority value to pass through the door.

The second door opening/closing device 3000b may determine whether access state information included in the authentication information is legitimate.

The second door opening/closing device 3000b may determine whether the access state of the second door opening/closing device 3000b included in the access state information corresponds to the door communication unit 3100 that obtained the authentication token. Hereinafter, a case in which an authentication token is obtained through the first door communication unit 3110 of the second door opening and closing device 3000b will be described as an example. The second door opening/closing device 3000b may determine whether the entry/exit state corresponds to the door first communication unit of the second door opening/closing device 3000b.

In the second door opening/closing device 3000b, the authentication token is authorized, and the access state of the second door opening/closing device 3000b included in the authentication information corresponds to the door first communication unit of the first door opening/closing device 3000a. In a state where the door is open, it may be determined to open the door.

In addition, the second door opening and closing device 3000b may determine whether the door is open by further considering the access state of the first door opening and closing device 3000a of the upper layer.

The second door opening/closing device 3000b may refuse to open the door when the entry/exit state of the first door opening/closing device 3000a is abnormal. An abnormal entry/exit state of the first door opening/closing device 3000a may be a case in which it is exemplarily determined that the first door opening/closing device 3000a has not passed. For a more specific example, if the first door opening/closing device 3000a, which is an upper measurement, has passed, the entry/exit state of the first door opening/closing device 3000a must be an exit state. In this case, the second door opening/closing device 3000b may determine that the first door opening/closing device 3000a has passed abnormally and reject the door opening.

Also, according to some embodiments of the present invention, a step of changing the access state information of the second door opening and closing device 3000b may be performed (S960).

The second door opening and closing device 3000b may change access state information when it is determined that the door is open.

The second door opening and closing device 3000b may change the entry/exit state to the next step. For example, the second door opening/closing device 3000b may change the entry/exit state of the exit route when the entry/exit state of the second door opening/closing device 3000b is entry.

Also, according to some embodiments of the present invention, a step of transmitting the access state information by the second door opening/closing device 3000b may be performed (S970).

Also, according to some embodiments of the present invention, a step of performing an opening operation on the second door 4000b by the second door opening and closing device 3000a may be performed (S440).

In the above, access management through a hierarchical structure between a plurality of door opening and closing devices 3000a has been exemplarily described, but is not limited thereto, and a sixth modification of the access state management method according to an embodiment of the present invention is a door opening and closing method. It may be provided as an instrumental structure between the device 3000 and the electronic devices. For example, when requesting the use of an electronic device using an authentication token, the electronic device can determine whether or not the electronic device entered through the door of the space where the electronic device is located based on the access status information, and as a result of the determination, the electronic device If you enter through the door of the space where is located, you can allow the use of electronic devices. This embodiment is provided by replacing the second door opening and closing device 3000b with an electronic device in the sixth modification of the access state management method according to an embodiment of the present invention described above, and the second door opening and closing device 3000b This may mean that the previously performed determination of whether to open the door can be replaced by determining whether to permit use of the electronic device.

4.3. How to force permission change

Hereinafter, a method for compulsory change of authority according to an embodiment of the present invention will be described with reference to FIGS. 19 to 21 .

19 is an environment diagram of a method for compulsory change of authority according to an embodiment of the present invention.

When the access control system 10000 of the present invention is provided in a building or the like, an authentication token is issued according to the granted authority in normal times so that only authorized doors can be opened, thereby limiting the access area. However, when a special event such as fire or earthquake occurs, it is preferable to allow all doors to be opened exceptionally or to grant permission to open doors necessary for evacuation. Conventional access control systems may not be able to open the door for evacuation when a communication failure occurs between a server managing access and an access control device in the event of a fire or earthquake. However, in the access management system 10000 of the present invention, this problem can be solved by forcibly issuing an authentication token to which the authentication server 1000 has been granted authority.

In addition, the method for compulsory change of authority according to an embodiment of the present invention can also be applied when it is necessary to temporarily restrict the access of a user to whom an existing authority has been granted due to a security conference or the like.

20 is a flowchart illustrating a method for compulsory change of authority according to an embodiment of the present invention.

Referring to FIG. 20, the method for forcibly changing authority includes obtaining a request for authority change (S1000), extracting a target for which authority is to be changed (S1010), and transmitting an authentication token with updated authority to the extracted target (S1000). S1020) may be included.

According to some embodiments of the present invention, obtaining a request for permission change may be performed (S1000). A request for permission change may be provided by the user terminal 2000a.

The user terminal 2000a may obtain permission change request information.

The permission change request information may be information requesting to change the user's permission. Permission change according to the permission change request information may mean a continuous change of permission, but is not limited thereto, and may mean a temporary change for which at least one of a deadline and a condition is determined.

Also, the subject of authority change may be at least one of a user and the door 4000 . If the subject of the authority change is a user, it may be to change the authority granted to the selected user. Also, when the subject of authority change is a door, authority may be changed through renewal of an authentication token including authority for the corresponding door.

The user terminal 2000a may output a permission change GUI for obtaining permission change request information through a display unit.

The user terminal 2000a may acquire information on a change target. When the change target is a user, information on the change target may be obtained through at least one method of selecting a user whose authority is to be changed and inputting user identification information. In addition, when the change target is a door, information on the change target may be obtained through at least one method of selecting a door for which authority is to be changed and inputting door identification information.

The user terminal 2000a may obtain information on change details.

When the target of change is a user, change history of at least some of the pre-granted privileges to the user may be acquired. For example, when the user has been granted permission for the first door, the details of change may include contents of revoking the permission for the first door. For another example, when the user does not have the authority for the first door, the change details may include content granting authority for the first door. For another example, the change details may include content for granting permission for the first door only to a specific user.

As such, the details of change may include changes to at least some of previously granted or ungranted authorities.

If the subject of change is a door, information on whether to forcibly restrict or allow access to the door subject to change may be included. For example, when the target of change is a door, the change history may include information requesting to limit the authority of the target door. For another example, the change history may include information requesting compulsory permission for a door subject to change.

Also, according to some embodiments of the present invention, the change history may be the occurrence of a predetermined specific event. For example, a change history could be a fire.

In this case, the change details may be the opening of all doors.

The user terminal 2000a may acquire information about the change condition.

The change condition may be a condition in which the change is valid.

Change conditions may include a change time and target grade.

The change time may be information about a time when permission change is valid. For example, a changed authority may be valid for a limited time depending on the time of the change. For another example, the changed authority may be limitedly effective according to the target level.

The user terminal 2000a may request permission change by transmitting permission change request information to the authentication server 1000 .

In addition, according to some embodiments of the present invention, when the change history is the occurrence of a specific event such as fire, the change condition may be omitted.

Also, according to some embodiments of the present invention, a step of extracting an object for which authority is to be changed may be performed (S1010).

The authentication server 1000 may extract a subject included in the permission change request information.

If a case in which the object included in the permission change request information is a user is described as an example, the authentication server 1000 may extract a user whose permission is to be changed. The authentication server 1000 may extract user identification information included in the change target as a user whose authority is to be changed. In addition, the authentication server 1000 may extract a user of a level included in the change target as an authority change target.

In addition, if the subject included in the permission change request information is a door, as an example, if the permission object is a door, the change history is blocking the door and permitting the door. Different operations may be performed. have.

When the change history is door blocking, the authentication server 1000 may extract a user who has been granted door permission as a permission change target.

Also, when the change history is permission for a door, the authentication server 1000 may extract a user who has not been granted a permission for a door as a subject for permission change.

In addition, according to some embodiments of the present invention, when the change history is the occurrence of a specific event such as a fire, the subject of permission change may be all registered users or all users who have been issued authentication tokens.

Also, according to some embodiments of the present invention, a step of transmitting an authentication token with renewed authority to the extracted target may be performed (S1020).

The authentication server 1000 may transmit an authentication token whose authority has been changed based on the authority change history for each extracted user. For example, if an authentication token with permission for the first door is issued to user A, who is included in the permission change request information, and the permission change history is a request to release the permission for the first door, authentication The server 1000 may transmit a new authentication token that does not include the authority for the first door to the user terminal 2000a of user A. Also, after receiving a new authentication token, the user terminal 2000a of user A may discard the existing authentication token and renew the authentication token with the newly received authentication token.

The authentication server 1000 may restore the original authentication token when a deadline and/or condition for permission change is released.

For example, the authentication server 1000 may transmit an authentication token prior to permission change to the user terminal 2000a to renew the authentication token.

For another example, the authentication server 1000 may transmit a command to the user terminal 2000a to use an authentication token prior to permission change.

The request for permission change does not necessarily have to be obtained through the user terminal 2000a, but can be obtained from the manager terminal 2000b.

In addition, permission change request information may be obtained in association with a separate system such as a fire alarm system and a disaster management system.

In addition, when it is determined that a special event such as a fire or disaster has occurred in conjunction with a separate system such as a fire alarm system and a disaster management system, it is determined that a request for permission change has been obtained, and the subject of permission change is extracted and updated. Authentication information can be transmitted.

When it is determined that such a special event has occurred, an object to which updated authentication information is transmitted may be set in advance in the authentication server 1000 .

In addition, in a situation where a special event occurs, the door opening/closing device 3000 may obtain a notification notifying that a special event has occurred from the terminal 2000, and determine whether a special event has occurred based on information included in the authentication token. can do.

According to some embodiments of the present invention, when it is determined that a special event has occurred, the door opening/closing device 3000 can notify all connected door opening/closing devices 3000 that a special event has occurred, and all doors receiving the notification The opening/closing device 3000 may change the state of the door to always open.

The door opening and closing device 3000 may operate in a different mode in a situation where it is determined that a special event has occurred and in a general situation.

21 is an exemplary view illustrating operations of a door opening and closing device 3000 according to an embodiment of the present invention in a general situation and a special event occurrence situation.

As shown in FIG. 21 , the door opening/closing device 3000 may determine only signals obtained in the first communication range as legitimate signals under normal circumstances. Specifically, the door controller 3700 may obtain a signal transmitted by the terminal 2000 through the door communication unit 3100 . In addition, the door control unit 3700 may determine that the signal acquired through the door communication unit 3100 is a legitimate signal when it is within the first communication range. The door control unit 3700 may determine whether the obtained signal is within the first communication range based on the signal strength. When the signal obtained through the door communication unit 3100 is acquired in the second communication range outside the first communication range, the door control unit 3700 may ignore the acquired signal.

In a situation where a special event occurs, the door control unit 3700 may determine the obtained signal as a valid signal even when a signal is acquired in the second communication range.

When a signal is generated, the terminal 2000 may include and transmit an event occurrence notification indicating that a special event has occurred in the signal.

Even if a signal is acquired in the second communication range, the door control unit 3700 may determine the obtained signal as a legitimate signal without ignoring it if an event occurrence notification notifying that a special event has occurred is included in the acquired signal.

In addition, the door control unit 3700 may perform a predetermined special event operation when an event occurrence notification notifying that a special event has occurred is included in the obtained signal. For example, the door control unit 3700 may perform a special event operation to open the door at all times. For another example, the door control unit 3700 may perform a special event operation to open the door regardless of conditions such as permission.

In addition, according to some embodiments of the present invention, the authentication server 1000 may issue an authentication token capable of registering a specific user with the door opening/closing device 3000 so that only a specific user requested by the terminal 2000 is permitted entry. . The terminal 2000 may transmit an authentication token for registering a specific user to the door opening/closing device 3000, and the door opening/closing device 3000 assumes that only the specific user included in the authentication token has authority to open the door. can judge

4.4. Geo-linked security method

Hereinafter, a regional linkage security method according to an embodiment of the present invention will be described with reference to FIGS. 22 to 25 .

22 is an environment diagram of a regional association security method according to an embodiment of the present invention.

Referring to FIG. 22, in the regional linkage security method according to an embodiment of the present invention, when an accessed user uses electronic devices such as office electronic devices 6000 and hotel electronic devices provided at the accessed location, the user This is an embodiment in which use is granted in consideration of at least one of the authority of the user and whether or not the user has access.

Office electronic devices 6000 provided in offices and electronic devices such as lighting and air conditioners provided in hotel rooms need to be restricted to use only by designated users.

However, if the password of the PC is lost or the hotel room key is lost, a problem may arise in which an arbitrary user uses office electronic devices or hotel electronic devices without permission.

Therefore, in the regional linkage security method according to an embodiment of the present invention, the authentication server 1000 determines whether the user has actually entered the space where the electronic device is located, and permits the use of the electronic device only when the user has entered. This may have the effect of enhancing security.

23 is a flowchart illustrating a local link security method according to an embodiment of the present invention.

Referring to FIG. 23, the regional linkage security method includes a step in which the user terminal 2000a transmits entry history information to the authentication server 1000 (S1100), and the user terminal 2000a requests the use of the office electronic device 6000. Step (S1110), the office electronic device (6000) requesting user authentication to the authentication server (1000) (S1120) and the authentication server (1000) performing user authentication (S1130), the authentication server (1000) Transmitting the authentication result to the office electronic device 6000 (S1140), allowing the office electronic device 6000 to use (S1150), transmitting entry history information by the user terminal 2000a (S1160), and The authentication server 1000 may include transmitting an end command to the office electronic device 6000 (S1170).

According to some embodiments of the present invention, a step of transmitting entry history information from the user terminal 2000a to the authentication server 1000 may be performed (S1100). Here, the authentication server 1000 may be the authentication server 1000 that issued the authentication token, or may be a separate authentication location server other than the authentication server that issued the authentication token 1000 .

When the user terminal 2000a receives authorization information indicating that it is determined to have authority, it may transmit to the authentication server 1000 information informing of this and door identification information for an authorized door.

The authentication server 1000 may acquire permission information and door identification information from the user terminal 2000a and store them.

The authentication server 1000 may determine the space into which the user has entered based on permission information and door identification information.

Also, according to some embodiments of the present invention, a step of requesting use of the user terminal 2000a as the office electronic device 6000 may be performed (S1110).

The user terminal 2000a may request use by transmitting an authentication token to the office electronic device 6000 . To this end, the office electronic device 6000 may be provided with a communication means capable of communicating with the user terminal 2000a.

Alternatively, in the office electronic device 6000, the user terminal 2000a may obtain an input for a use request from the user without going through the user terminal 2000a. To this end, the office electronic device 6000 may include an input means for acquiring a user's input.

When the office electronic device 6000 obtains a request for use through a user's input, the office electronic device 6000 receives at least one of the user's user information, user identification information, and a security key corresponding to the user's identification information through the user's input. can be obtained.

In addition, according to some embodiments of the present invention, a step of requesting user authentication from the office electronic device 6000 to the authentication server 1000 may be performed (S1120).

The office electronic device 6000 may request user authentication by transmitting the acquired authentication token to the authentication server 1000 .

The office electronic device 6000 may determine whether the acquired authentication token includes the authority for the office electronic device 6000, and as a result of the determination, if the authority for the office electronic device 6000 is included, authentication is performed. User authentication may be requested by transmitting the token to the authentication server 1000 . In addition, the office electronic device 6000 may output a rejection message for rejecting use when the determination result does not include the authority for the office electronic device 6000 .

In addition, the office electronic device 6000 may request user authentication by transmitting at least one of the obtained user information, user identification information, and a security key corresponding to the user identification information to the authentication server 1000 .

Also, according to some embodiments of the present invention, a step of performing user authentication by the authentication server 1000 may be performed (S1130).

The authentication server 1000 may determine whether the user corresponding to the authentication token obtained from the office electronic device 6000 has passed through the door. The authentication server 1000 determines whether the user of the authentication token has entered through the door 4000 corresponding to the space where the office electronic device 6000 is located based on at least one of stored permission information, door identification information, and access state information. can judge

In addition, the authentication server 1000 may determine the authority corresponding to the user identification information obtained from the office electronic device 6000 .

In addition, according to some embodiments of the present invention, a step of transmitting an authentication result from the authentication server 1000 to the office electronic device 6000 may be performed (S1140).

The authentication server 1000 may request the office electronic device 6000 to permit use when it is determined that the user of the authentication token has entered through a door corresponding to the space where the office electronic device 6000 is located.

The authentication server 1000 may transmit authorization information corresponding to user identification information to the office electronic device 6000 to request permission to use a function included in the authorization information.

The authentication server 1000 may request the office electronic device 6000 to permit use when it is determined that the user corresponding to the user identification information has entered through a door corresponding to the space where the office electronic device 6000 is located. have.

Also, according to some embodiments of the present invention, a step of permitting use of the office electronic device 6000 based on the authentication result may be performed (S1150).

The office electronic device 6000 may permit use of the office electronic device 6000 when the user authentication result is allowed.

Also, according to some embodiments of the present invention, a step of transmitting advance history information by the user terminal 2000a may be performed (S1160).

The authentication server 1000 may obtain information notifying that the user terminal 2000a has passed through a door in order to go out to a space where the office electronic device 6000 is located.

Also, according to some embodiments of the present invention, a step of transmitting an end command from the authentication server 1000 to the office electronic device 6000 may be performed (S1170).

The authentication server 1000 may request an end to the office electronic device 6000 when obtaining information indicating that the office electronic device 6000 has passed through a door to move to the outside from the user terminal 2000a. . Termination of the office electronic device 6000 may be at least one of power off, screen saver operation, and log off.

4.4.1. Regional Linkage Security Method-Part 1 Variation

The regional linkage security described above may be variously modified according to the purpose.

In a first modification of regional security, the authentication server 1000 may obtain door access information from the user terminal 2000a and transmit a control command to an external controller based on the obtained door access information. .

Hereinafter, for convenience of explanation, an operation in a hotel room will be described by way of example. Conventionally, a physical key has been used to control access to a hotel room and room functions of the hotel room. However, in the case of using such a physical key, there is an inconvenience that the user must carry the physical key. Also, there may be cases where it is desired to activate the hotel room function when the user leaves the hotel room. For example, there is a case in which an air conditioner or a washing machine needs to be operated even when the user leaves a hotel room. In this case, there is a problem that the user cannot leave the hotel room because the physical key must be continuously located inside the hotel room in order to activate the hotel room function. However, when the region-linked security method according to an embodiment of the present invention is applied to an operation in a hotel room, the user terminal can replace the above-mentioned physical key, thereby solving the above-mentioned problems caused by the use of the physical key. It can be. Hereinafter, an embodiment in which the regional association security method according to an embodiment of the present invention is applied to an operation in a hotel room will be described in detail.

Hereinafter, a first modified example of regional linkage security will be described with reference to FIG. 24 .

24 is a flowchart illustrating a first modified example of a local association security method according to an embodiment of the present invention.

In describing the first modified example of the regional linkage security method with reference to FIG. 24, the operation between the user terminal and the door opening and closing device 3000 can be performed according to any one of detailed embodiments 1 and 2, A detailed description thereof will be omitted.

Referring to FIG. 24 , a first modified example of the region linkage security method is a step in which the user terminal (2000a) transmits door passage history information to the authentication server (1000) (S1100), and the authentication server (1000) transmits the hotel controller (7000) Transmitting a room function activation command to (S1200), the hotel controller 7000 activating the room function (S1205), and the user terminal 2000a transmitting entry history information to the authentication server 1000 (S1210). ), the step of the authentication server 1000 sending a command to deactivate the room function to the hotel controller 7000 (S1215), the step of the hotel controller 7000 inactivating the function of the corresponding room (S1220), and the user terminal 2000a A step of requesting function activation (S1225), a step of the authentication server 1000 transmitting an activation command of the requested function to the hotel controller 7000 (S1235), and the hotel controller 7000 activating the requested function of the corresponding room. step (S1235), step of determining whether the authentication server 1000 has obtained the entry history information within a predetermined time (S1240), step of the authentication server 1000 transmitting an inactivation command of the requested function (S1245) and transmitting, by the hotel controller, an inactivation command of the requested function (S1250).

According to some embodiments of the present invention, a step of transmitting entry history information from the user terminal 2000a to the authentication server 1000 may be performed (S1100).

The entry history information may include at least one of information notifying that door opening is permitted, door identification information for the permitted door, and access state information.

The user terminal 2000a may transmit entry history information to the authentication server 1000 upon receiving permission information indicating that it has been determined that the door opening and closing device 3000 has authority to open the door.

The authentication server 1000 may acquire entry history information from the user terminal 2000a and store it.

Also, the authentication server 1000 may determine and store the current location of the user terminal 2000a based on the entry history information.

According to some embodiments of the present invention, a step of transmitting a room function activation command from the authentication server 1000 to the hotel controller 7000 may be performed (S1200).

The authentication server 1000 may transmit a control command to the hotel controller 7000 based on entry history information.

The authentication server 1000 may determine which room the user has entered through the door 4000 based on the entry history information obtained from the user terminal 2000a.

When it is determined that the user has entered the room, the authentication server 1000 may transmit a room function activation command to the hotel controller 7000 to activate a predetermined operation of electronic devices in the room.

Activation and inactivation of the electronic device may be ON and OFF of the electronic device. Alternatively, the activation and inactivation of the electronic device may be whether power is supplied or not supplied to the electronic device.

Depending on the embodiment, the cabin function activation command may be a command for supplying power to the corresponding guest room, and the cabin function inactivation command may be a command for cutting off power supply to the corresponding guest room. In addition, exceptional electronic devices such as refrigerators that must be constantly supplied with power may be excluded from the cabin function activation command and cabin function inactivation command.

According to some embodiments of the present invention, a step of activating the room function by the hotel controller 7000 may be performed (S1205).

The hotel controller 7000 may control to activate the operation of a predetermined electronic device among electronic devices in a room determined to be entered by a user based on a room function activation command obtained from the authentication server 1000 .

According to some embodiments of the present invention, a step of transmitting entry history information from the user terminal 2000a to the authentication server 1000 may be performed (S1210).

The authentication server 1000 may obtain entry history information notifying that the user terminal 2000a has entered through the door.

The entry history information may include at least one of information notifying that door opening is permitted, door identification information for the permitted door, and entry/exit status information.

Here, entry history information and entry history information may have different access state information.

The user terminal 2000a may transmit entry history information to the authentication server 1000 when receiving permission information indicating that it has been determined that the door opening and closing device 3000 has authority to open the door.

The authentication server 1000 may acquire entry history information from the user terminal 2000a and store it.

In addition, the authentication server 1000 may determine that the user terminal 2000a has gone out of the corresponding room based on the entry history information and store it.

According to some embodiments of the present invention, a step of transmitting a room function inactivation command from the authentication server 1000 to the hotel controller 7000 may be performed (S1215).

The authentication server 1000 may transmit a room function deactivation command to the hotel controller 7000 to deactivate devices in the room when it is determined that the user has entered the room from inside the room.

According to some embodiments of the present invention, a step of inactivating the room function by the hotel controller 7000 may be performed (S1220).

The hotel controller 7000 may control to deactivate a function of a corresponding room based on a function inactivation command for a room.

According to some embodiments of the present invention, a step of requesting activation of a cabin function by the user terminal 2000a may be performed (S1225).

The authentication server 1000 may receive a request from the user terminal 2000a to activate functions of at least some of the electronic devices included in the guest room.

For example, the authentication server 1000 may obtain a request for activating an air conditioner among electronic devices included in a guest room from the user terminal 2000a.

The user terminal 2000a may output a GUI for selecting a function to be activated from the user, outputting selectable functions or all functions, and receiving the user's approval of the function activation request.

According to some embodiments of the present invention, a step in which the authentication server 1000 transmits an activation command for the requested function to the hotel controller 7000 may be performed (S1230).

The authentication server 1000 may transmit an activation command for the requested function to the hotel controller 7000 based on the function activation request obtained from the user terminal 2000a.

In addition, the authentication server 1000 may determine whether the user has the authority for the function included in the request, and as a result of the determination, if there is authority for the function included in the request, the hotel controller issues an active command for the requested function. It can be transmitted to (7000).

Also, as a result of the determination, the authentication server 1000 may transmit a rejection message to the user terminal 2000a when there is no authority for the function included in the request.

According to some embodiments of the present invention, a step of activating the requested room function by the hotel controller 7000 may be performed (S1235).

The hotel controller 7000 may activate electronic devices included in the room based on the acquired request function activation command. For example, the hotel controller 7000 may control the air conditioner to be activated when the request included in the request function activation command is to activate the air conditioner. In addition, the hotel controller 7000 may control to execute the detailed command when a detailed request such as a desired temperature is included in the request function activation command. For example, if the detailed command is an indoor temperature of 24 degrees, the hotel controller 7000 may control an air conditioner or heater included in the guest room to maintain the indoor temperature at 24 degrees.

According to some embodiments of the present invention, a step of determining whether the authentication server 1000 obtains entry history information may be performed (S1240).

For example, when receiving a request to turn on the room lights from the user terminal 2000a, the authentication server 1000 may transmit a control command to the hotel controller 7000 to turn on the room lights even if the user has left the room.

After acquiring the function activation request, the authentication server 1000 may determine whether entry history information has been obtained.

More specifically, the authentication server 1000 is installed in the guest room from the user terminal 2000a within a predetermined time from the time when the function activation request is obtained or the activation command for the requested function is transmitted to the hotel controller 7000. It may be determined whether entry history information corresponding to the door has been acquired.

According to some embodiments of the present invention, a step of the authentication server 1000 transmitting an inactivation command of the requested function may be performed (S1245).

The authentication server 1000 determines whether entry history information has been acquired and, when it is determined that entry history information corresponding to the door installed in the guest room has not been obtained from the user terminal 2000a within a predetermined time, functions requested from the hotel controller 7000. of the inactive command can be sent. The requested function inactivation command may be a command canceling a requested function activation command previously transmitted to the hotel controller 7000 upon request from the user terminal 2000a.

According to some embodiments of the present invention, a step of the hotel controller 7000 transmitting an inactivation command of the requested function may be performed (S1250).

The hotel controller 7000 can control the function activated in step S1235 to be deactivated.

For another example, the hotel controller 7000 may cancel the command controlled in step S1235 based on the command to deactivate the requested function.

4.4.2. Regional Linkage Security Method - 2nd Variation

Hereinafter, with reference to FIG. 25, a second modified example of regional linkage security will be described.

25 is a flowchart illustrating a second modified example of a local linkage security method according to an embodiment of the present invention.

Referring to FIG. 25 , a second modified example of the region-linked security method includes acquiring first door entry history information (S1300), activating a room function (S1310), and determining whether or not the second door entry history information is acquired. Step (S1320), maintaining room function activation (S1330), disabling room function (S1340), acquiring second door entry history information (S1350), and activating room function (S1360). can include

According to some embodiments of the present invention, obtaining first door entry history information may be performed (S1300).

The user terminal 2000a may transmit first door entry history information to the authentication server 1000 when permission information is received from the first door opening/closing device 3000a indicating that it has the right to open the first door. .

The first door may be a predetermined door other than a door of a room in which a user stays. For example, the first door may be at least one of hotel lobby doors. For another example, the first door may be a door entering a hallway of a guest room.

The authentication server 1000 may obtain first door entry history information from the user terminal 2000a and store it.

In addition, the authentication server 1000 may determine that the user of the user terminal 2000a entered the first door based on the entry history information and store the information.

Also, according to some embodiments of the present invention, activating a cabin function may be performed (S1310).

The authentication server 1000 may transmit a control command to the hotel controller 7000 based on the first door entry history information.

The authentication server 1000 uses the hotel controller 7000 to activate the operation of predetermined electronic devices among the electronic devices in the room in which the user terminal 2000a is staying based on the first entry history information acquired from the user terminal 2000a. A cabin function activation command may be transmitted.

Activation and inactivation of the electronic device may be ON and OFF of the electronic device. Alternatively, the activation and inactivation of the electronic device may be whether power is supplied or not supplied to the electronic device.

Depending on embodiments, the cabin function activation command may be a command for supplying power to the corresponding guest room, and the cabin function inactivation command may be a command for cutting off power supply to the corresponding guest room. In addition, exceptional electronic devices such as refrigerators that must be constantly supplied with power may be excluded from the cabin function activation command and cabin function inactivation command.

Also, according to some embodiments of the present invention, a step of determining whether second door access history information is obtained may be performed (S1320).

The authentication server 1000 may determine whether or not the second door access history information for the second door provided to the room in which the user stays is obtained.

More specifically, the authentication server 1000 sends the second door from the user terminal 2000a within a predetermined time from the time when the first door entry history information is acquired or the room function activation command is transmitted to the hotel controller 7000. It may be determined whether entry history information has been acquired.

Also, according to some embodiments of the present invention, a step of maintaining the activation of the cabin function may be performed (S1330).

When the authentication server 1000 acquires the second door access history information, it is possible to maintain the activation of the cabin function. More specifically, the authentication server 1000 enters the second door from the user terminal 2000a within a predetermined time from the time when the first door entry history information is acquired or the room function activation command is transmitted to the hotel controller 7000. When the history information is acquired, it is possible to maintain activation of the room function.

Maintaining the activation of the room function may be not transmitting a command to cancel a command to activate a room function or a command to deactivate a room function to the hotel controller 7000 .

Also, according to some embodiments of the present invention, a step of deactivating a cabin function may be performed (S1340).

The authentication server 1000 may transmit a room function deactivation command to the hotel controller 7000 to deactivate the room function when the second door access history information is not obtained. More specifically, the authentication server 1000 enters the second door from the user terminal 2000a within a predetermined time from the time when the first door entry history information is acquired or the room function activation command is transmitted to the hotel controller 7000. If the history information is not obtained, a command to deactivate the room function may be transmitted to the hotel controller 7000 .

Also, according to some embodiments of the present invention, a step of acquiring second door access history information may be performed (S1350).

The user terminal 2000a may transmit second door entry history information to the authentication server 1000 when receiving permission information indicating that it has been determined to have the right to open the second door from the second door opening and closing device 3000b. .

The second door may be a door of a room in which the user stays. For example, the second door may be an access door of a room in which the user stays.

The authentication server 1000 may acquire second door entry history information from the user terminal 2000a and store it.

In addition, the authentication server 1000 may determine that the user of the user terminal 2000a entered the second door based on the entry history information and store the information.

Also, according to some embodiments of the present invention, activating a cabin function may be performed (S1360).

The authentication server 1000 uses the hotel controller 7000 to activate the operation of predetermined electronic devices among the electronic devices in the room in which the user terminal 2000a is staying based on the second entry history information obtained from the user terminal 2000a. A cabin function activation command may be transmitted.

Therefore, in the modified example of the regional linkage security method according to an embodiment of the present invention, even if the door key or card is lost, if the entry into the room is not confirmed, the electronic device is not activated, so unauthorized intrusion and electronic devices in the room are not activated. use can be prevented. In addition, in the modified example of the regional connection security method according to an embodiment of the present invention, user convenience can be increased by requesting activation of some functions even while going out.

In the above, the configuration and characteristics of the present invention have been described based on the embodiments according to the present invention, but the present invention is not limited thereto, and various changes or modifications can be made within the spirit and scope of the present invention. It is apparent to those skilled in the art, and therefore such changes or modifications are intended to fall within the scope of the appended claims.

Claims (13)

As an access management method that determines whether or not to use electronic devices,
obtaining an authentication token of the user terminal; -The authentication token includes information on a target security area accessible to the user of the user terminal and a target electronic device available to the user of the user terminal -
determining whether the user has entered the target security area; and - the authentication token is used to determine the access authority for the user's entry into the target security area -
Determining whether or not the user has permission to use the electronic device based on the authentication token when the user enters the target security area
including,
How to manage access.
According to claim 1,
Determining whether there is permission to use the electronic device based on the authentication token,
When the electronic device is included in the target electronic device in the authentication token, it is determined that the electronic device has the right to use the electronic device.
How to manage access.
According to claim 1,
The step of determining whether the user has entered the target security area,
Determining whether the user has entered the target security area based on access state information included in the authentication token,
How to manage access.
According to claim 3,
The step of determining whether the user has entered the target security area,
obtaining access history information from the user terminal; and
Determining whether the user has entered the target security area based on the entry history information;
How to manage access.
According to claim 3,
The step of determining whether or not there is a right to use the electronic device,
When it is determined that the user has entered through a door corresponding to the space where the electronic device is located, determining that use is permitted
How to manage access.
According to claim 1,
obtaining entry history information from the user terminal; and
Transmitting an end command to the electronic device when the entry history information is obtained; further comprising
How to manage access.
delete delete obtaining access history information on the first door;
requesting activation of a room function of a room occupied by a user of a user terminal that has transmitted access history information on the first door;
determining whether access history information on a second door is acquired within a predetermined time; and
Requesting to deactivate the guest room function of the guest room when access history information on the second door is not obtained within the predetermined time period;
How to manage access.
According to claim 9,
The first door is a hotel lobby door, and the second door is a room access door.
How to manage access.
According to claim 9,
Requesting activation of the guest room function of the guest room when access history information on the second door is acquired after the predetermined time has elapsed; further comprising
How to manage access.
A recording medium on which a program for performing the method of any one of claims 1 to 6 and 9 to 11 is recorded.
A server device that determines whether electronic devices are permitted to be used,
Obtaining an authentication token of a user terminal, the authentication token including information on a target security area to which the user of the user terminal can enter and a target electronic device that the user of the user terminal can access -
Determining whether the user has entered the target security area, and -The authentication token is used to determine the access authority for the user's entry into the target security area-
Including a server control unit for determining whether the user has permission to use the electronic device based on the authentication token when the user enters the target security area,
server device.

Images